Cisco IOS SSH Key Authentication

Tech Tutorials - David McKone
In this video, we show you how to configure Cisco IOS routers or switches to support key pair authentication.

As well as username/password authentication, a Cisco IOS device can be configured so that you can log in using SSH keys.

With a passphrase assigned to the private key, this follows the security model of something you have and something you know to make the process more secure.

NOTE: The Cisco IOS version used in this video only supports RSA and SHA1, which is not ideal.

Steps Taken

1) Create user account

    conf t
    username david privilege 15
    end

We don't need a password for this account.

2) Create a key chain for the user

    conf t
    ip ssh pubkey-chain
    username david
    key-string

We now need to paste in the public key, but creating that depends on the OS for your computer.

3) Linux

Create an SSH key pair on the computer using OpenSSH:

    cd .ssh
    ssh-keygen -b 4096 -t rsa -f ciscolab -C "[email protected]"

Apply a passphrase to protect the private key.

This will create a key pair using RSA, 4096 bits in size, named ciscolab and with a comment to help identify the owner.

We now need to paste in the contents of the public key for this user. In Linux, we need to split up the lines because the output is on a single line and Cisco IOS can't accept so many characters:

    fold -b -w 72 ciscolab.pub

We don't need to include the algorithm details at the beginning or the comment at the end, so copy and paste the rest.

Then finish the configuration:

    exit
    end

To verify this, you can compare the hash for this key, which is stored using MD5.

On the Cisco device:

    sh run | b pubkey

On the Linux computer:

    ssh-keygen -l -E md5 -f ciscolab.pub

To reduce latency during login, you can edit the config file on the computer and specify the key rather than let the client try different ones until it exhausts all possibilities.

At the time of recording, OpenSSH has deprecated SHA1 but that's all the Cisco IOS version supports. However, the SSH config file for the computer can be configured to allow this:

    nano .ssh/config

    Host *
        IdentitiesOnly yes
    Host uklon01wan01
        IdentityFile "/home/david/.ssh/ciscolab"
        PubKeyAcceptedAlgorithms=ssh-rsa

4) Windows

Use PuTTYgen to create the keys, then copy and paste in the public key.

Then finish the configuration:

    exit
    end

To verify this, you can compare the hash for this key, which is stored using MD5.

On the Cisco device:

    sh run | b pubkey

On the Windows computer, use PuTTYgen and set the fingerprint to display in MD5.

5) Key Authentication only

The IOS device is still accepting username/password logins, but this can be changed to allow SSH keys only:

    conf t
    ip ssh server algorithm authentication publickey
    end

By only specifying publickey, all other methods are disabled.
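The key preparation in step 3 and the MD5 check used to verify it, as an added Python example (not from the video or its author): it drops the algorithm prefix and comment, folds the base64 to 72 characters, rejects non-RSA keys, and computes the fingerprint to compare with the device. Assumptions: the function names are hypothetical, the sample key is constructed filler rather than a usable key, and the IOS hash is taken to be plain hex without colons.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """RFC 4253 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

# Constructed sample, not a usable key: e = 65537 and a 4096-bit filler modulus.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + b"\xa5" * 512))
SAMPLE_PUB = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " user@example.invalid"

def parse_pub_line(line: str):
    """Return (algorithm, base64 text, decoded blob) from one .pub line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<algorithm> <base64> [comment]'")
    algo, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob is too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != algo.encode():
        raise ValueError("algorithm label does not match the key blob")
    return algo, b64, blob

def ios_key_string(line: str, width: int = 72):
    """Lines to paste under key-string: base64 only, folded like fold -b -w 72."""
    algo, b64, _ = parse_pub_line(line)
    if algo != "ssh-rsa":  # the IOS version on this page only supports RSA
        raise ValueError(f"{algo} keys are not accepted by this IOS version")
    return [b64[i:i + width] for i in range(0, len(b64), width)]

def md5_fingerprint(line: str) -> str:
    """Colon-separated MD5 of the blob, as ssh-keygen -l -E md5 prints after 'MD5:'."""
    digest = hashlib.md5(parse_pub_line(line)[2]).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def matches_ios_hash(line: str, ios_hash: str) -> bool:
    """Compare ignoring case and colons (assumed: IOS shows plain uppercase hex)."""
    return md5_fingerprint(line).replace(":", "") == ios_hash.replace(":", "").lower()

if __name__ == "__main__":
    print("\n".join(ios_key_string(SAMPLE_PUB)))
    print("MD5:" + md5_fingerprint(SAMPLE_PUB))
```

A mismatch between the two fingerprints means the key stored on the device is not the one in the .pub file, for example because a line was lost while pasting.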
Published 2 years ago, on 1401/06/10.
Viewed 1,931 times