PurposeCommand or Action
Defines the order of host key algorithms. Only the configured
algorithm is negotiated with the Secure Shell (SSH) client.
ip ssh server algorithm hostkey
{x509v3-ssh-rsa [ssh-rsa] | ssh-rsa
[x509v3-ssh-rsa]}
Step 3
The IOS SSH server must have at least one configured host
key algorithm:
Note
• x509v3-ssh-rsa—certificate-based authentication
• ssh-rsa—public key-based authentication
Example:
Switch(config)# ip ssh server algorithm
hostkey x509v3-ssh-rsa
Configures server and user certificate profiles and enters SSH
certificate profile configuration mode.
ip ssh server certificate profile
Example:
Switch(config)# ip ssh server certificate
profile
Step 4
Configures server certificate profile and enters SSH server certificate
profile server configuration mode.
server
Example:
Switch(ssh-server-cert-profile)# server
Step 5
•
The server profile is used to send out the certificate of the server
to the SSH client during server authentication.
Attaches the public key infrastructure (PKI) trustpoint to the server
certificate profile.
trustpoint sign PKI-trustpoint-name
Example:
Switch(ssh-server-cert-profile-server)#
trustpoint sign trust1
Step 6
•
The SSH server uses the certificate associated with this PKI
trustpoint for server authentication.
(Optional) Sends the Online Certificate Status Protocol (OCSP)
response or OCSP stapling along with the server certificate.
ocsp-response include
Example:
Switch(ssh-server-cert-profile-server)#
ocsp-response include
Step 7
By default, no OCSP response is sent along with the server
certificate.
Note
Exits SSH server certificate profile server configuration mode and
returns to privileged EXEC mode.
end
Example:
Switch(ssh-server-cert-profile-server)#
end
Step 8
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1120
How to Configure X.509v3 Certificates for SSH Authentication
To Next Page
Loading...
Need help?
General
