02-12-2009 06:00 AM
Hi,
I have a Cisco MDS environment with TACACS+ user authentication.
Now I would like to script some stuff and automatically log in to the switch via SSH without a password.
How can I do that with TACACS+?
Is it still possible to use private/public SSH keys? If yes - how does this work with a Cisco switch? (Where do I put the key from my host?)
thanks for help
rgds,
Mike
02-12-2009 12:31 PM
Hi Mike,
You can use SSH keys on MDSs. Off the top of my head (it's been a while!) it's
config# username blah sshkey your_key_here
or something similar, like I said it's been a while.
Cheers
02-13-2009 03:12 AM
Check this link out, specifically page 3-19 for instructions on how to set up the SSH user for pre-shared key access.
http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/sw/rel_3_x/cookbook/MDScookbook31a.pdf
Hope this helps,
Mike
02-13-2009 10:22 AM
Hi,
thanks - it works with the key.
However, I would still like to store this SSH key in a central place.
If I do it the "normal" way I need to create a local user on every switch and assign a key to this user. I would rather use my TACACS+ server for that. E.g. assign the pub key in the TACACS+ config file to a user instead of a password. Is this not possible?
rgds,
Mike
02-13-2009 02:14 PM
I would have to defer to a TACACS+ expert on that. The only way I know that it has ever been done is with the keys. If you want to use the TACACS+ server, as far as I know, you would need to use password authentication for the SSH login.
Thanks,
Mike
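
Since the thread ends with the key being assigned to a local user on every switch, the following is an added example (not part of the original posts and not Cisco code) that validates an OpenSSH public key and renders the per-switch config line before it is distributed. It assumes the `username <user> sshkey <key>` form quoted from memory in the reply above; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def _ssh_string(data):
    """Encode bytes as an SSH wire-format string (4-byte length prefix)."""
    return struct.pack(">I", len(data)) + data


# Constructed sample: structurally valid ssh-rsa blob, NOT a usable key.
SAMPLE_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
               + _ssh_string(b"\x00" + b"\xc3" * 256))
SAMPLE_PUBKEY = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " script@host"


def parse_pubkey(line):
    """Check one OpenSSH public-key line; return (type, base64, fingerprint).

    Raises ValueError for anything that is not '<type> <base64> [comment]',
    including a private key file pasted by mistake.
    """
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    # The type named in the text must match the type embedded in the blob.
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return key_type, b64, fingerprint


def render_config(user, pubkey_line):
    """Return the config line for one local user, with the key comment dropped."""
    if not user or any(ch.isspace() for ch in user):
        raise ValueError("user name must be a single word")
    key_type, b64, _ = parse_pubkey(pubkey_line)
    return f"username {user} sshkey {key_type} {b64}"


if __name__ == "__main__":
    print(parse_pubkey(SAMPLE_PUBKEY)[2])          # fingerprint to record
    print(render_config("blah", SAMPLE_PUBKEY))    # same line for every switch
```

The fingerprint is the same value `ssh-keygen -lf` prints for the key file, so it can be recorded once and compared when auditing which key each switch carries.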