Configuring Digital Certificates for User Authentication
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
ip ssh server algorithm authentication {publickey | keyboard | password}
4.
ip ssh server algorithm publickey {x509v3-ssh-rsa [ssh-rsa] | ssh-rsa [x509v3-ssh-rsa]}
5.
ip ssh server certificate profile
6.
user
7.
trustpoint verify PKI-trustpoint-name
8.
ocsp-response required
9.
end
DETAILED STEPS
PurposeCommand or Action
Enables privileged EXEC mode.enable
Step 1
Example:
Switch> enable
•
Enter your password if prompted.
Enters global configuration mode.configure terminal
Example:
Switch# configure terminal
Step 2
Defines the order of user authentication algorithms. Only the
configured algorithm is negotiated with the Secure Shell (SSH) client.
ip ssh server algorithm authentication
{publickey | keyboard | password}
Step 3
Example:
Switch(config)# ip ssh server algorithm
authentication publickey
Note
•
The IOS SSH server must have at least one configured
user authentication algorithm.
•
To use the certificate method for user authentication,
the publickey keyword must be configured.
Defines the order of public key algorithms. Only the configured
algorithm is accepted by the SSH client for user authentication.
ip ssh server algorithm publickey
{x509v3-ssh-rsa [ssh-rsa] | ssh-rsa
[x509v3-ssh-rsa]}
Step 4
The IOS SSH client must have at least one configured public
key algorithm:
Note
• x509v3-ssh-rsa—Certificate-based authentication
• ssh-rsa—Public-key-based authentication
Example:
Switch(config)# ip ssh server algorithm
publickey x509v3-ssh-rsa
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1121
How to Configure X.509v3 Certificates for SSH Authentication