I am in the process of exchanging c2950 with c2960s (15.2.1.E) switches and want to take advantage of public key login with OpenSSH for administrative tasks. Right now I can log in using OpenSSH and any user (for example "tom") that is known to the RADIUS server in place. I want to have a user "nms" on my Solaris machine with its key pair that is able to log in to the switches using the public key login. Now, I looked around and found stuff which, to me, should work, but it does not.
When my "nms" user tries to log in with a public key from the Solaris machine, he only gets the motd banner and a "% Authorization failed." message, and on the switch the debug shows "AAA/AUTHOR/EXEC(00000070): Authorization FAILED". The login with a password, however, works just fine.
Below are the details on the FreeRADIUS user config for "nms", how the key pair was generated, the Cisco configuration I did to try to make public key auth work, and the debugs (with password and with public key) on the switch. I think I am almost there but a little detail must be missing.