Cisco Support Community

New Member

TACACS+ / SSHauth

Hi,

I have a Cisco MDS environment with TACACS+ user authentication.

Now I would like to script some stuff and automatically log in to the switch via SSH without a password.

How can I do that with TACACS+?

Is it still possible to use private/public SSH keys? If yes, how does this work with a Cisco switch? (Where do I put the key from my host?)

Thanks for the help.

rgds,

Mike

4 REPLIES
Bronze

Re: TACACS+ / SSHauth

Hi Mike,

You can use SSH keys on MDS. Off the top of my head (it's been a while!) it's

config# username blah sshkey your_key_here

or something similar; like I said, it's been a while.

Cheers

Cisco Employee

Re: TACACS+ / SSHauth

Check this link out, specifically page 3-19 for instructions on how to set up the SSH user for pre-shared key access.

http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/sw/rel_3_x/cookbook/MDScookbook31a.pdf

Hope this helps,

Mike

New Member

Re: TACACS+ / SSHauth

Hi,

Thanks - it works with the key.

However, I would still like to store this SSH key in a central place.

If I do it the "normal" way, I need to create a local user on every switch and assign a key to this user. I would rather use my TACACS+ server for that, e.g. assign the pub key in the TACACS+ config file to a user instead of a password. Is this not possible?

rgds,

Mike

Cisco Employee

Re: TACACS+ / SSHauth

I would have to defer to a TACACS+ expert on that. The only way I know that it has ever been done is with the keys. If you want to use the TACACS+ server, as far as I know, you would need to use password authentication for the SSH login.

Thanks,

Mike
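
Added example (not part of the thread and not Cisco's code): since the replies leave a local user per switch as the only key-based option, one way to keep a single copy of the public key in a central place is to validate it once and render the "username ... sshkey" line quoted earlier in the thread for every switch. The username, the switch names and the sample key are constructed, and the exact command syntax is an assumption to check against the cookbook linked above.

```python
import base64
import hashlib
import struct


def parse_pubkey(line):
    """Validate one OpenSSH public-key line; return (type, blob_b64, fingerprint)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob_b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key blob is not valid base64") from exc
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the algorithm name;
    # a mismatch means the line was edited, truncated or is not a public key.
    (name_len,) = struct.unpack(">I", blob[:4])
    if name_len > len(blob) - 4 or blob[4:4 + name_len] != key_type.encode():
        raise ValueError("declared key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return key_type, blob_b64, fingerprint


def render_config(user, pubkey_line, switches):
    """Return {switch: config line} built from the single central public key."""
    key_type, blob_b64, _ = parse_pubkey(pubkey_line)
    if not user.isalnum():
        raise ValueError("unexpected characters in username")
    # Assumed syntax, following the command quoted in the thread.
    command = f"username {user} sshkey {key_type} {blob_b64}"
    return {switch: command for switch in switches}


def constructed_pubkey():
    """Constructed sample with the right wire layout; not a usable key."""
    def ssh_string(data):
        return struct.pack(">I", len(data)) + data
    raw = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + b"\xc3" * 256)
    return "ssh-rsa " + base64.b64encode(raw).decode() + " automation@mgmt-host"


if __name__ == "__main__":
    key = constructed_pubkey()
    print("fingerprint:", parse_pubkey(key)[2])
    for switch, cmd in render_config("scriptuser", key, ["mds-a", "mds-b"]).items():
        print(switch, "->", cmd[:60] + "...")
```

Only the public half of the key pair goes through this script; a pasted private key fails the base64 check and is rejected before any config line is produced.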
