Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
 
Chapter 50      X.509v3 Certificates for SSH Authentication
How to Configure X.509v3 Certificates for SSH Authentication
Step 6
Command or Action: Switch(ssh-server-cert-profile-server)# trustpoint sign PKI-trustpoint-name
Purpose: Attaches the public key infrastructure (PKI) trustpoint to the server certificate profile.
• The SSH server uses the certificate associated with this PKI trustpoint for server authentication.

Step 7
Command or Action: Switch(ssh-server-cert-profile-server)# ocsp-response include
Purpose: (Optional) Sends the Online Certificate Status Protocol (OCSP) response or OCSP stapling along with the server certificate.
Note: By default, no OCSP response is sent along with the server certificate.

Step 8
Command or Action: Switch(ssh-server-cert-profile-server)# end
Purpose: Exits SSH server certificate profile server configuration mode and returns to privileged EXEC mode.

Configuring Digital Certificates for User Authentication
Step 1
Command or Action: Switch> enable
Purpose: Enables privileged EXEC mode.
• Enter your password if prompted.

Step 2
Command or Action: Switch# configure terminal
Purpose: Enters global configuration mode.

Step 3
Command or Action: Switch(config)# ip ssh server algorithm authentication {publickey | keyboard | password}
Purpose: Defines the order of host key algorithms. Only the configured algorithm is negotiated with the Secure Shell (SSH) client.
Note: The IOS SSH server must have at least one configured host key algorithm.
• To use the certificate method for user authentication, the publickey keyword must be configured.

Step 4
Command or Action: Switch(config)# ip ssh server algorithm publickey {x509v3-ssh-rsa [ssh-rsa] | ssh-rsa [x509v3-ssh-rsa]}
Purpose: Defines the order of public key algorithms. Only the configured algorithm is accepted by the SSH client for user authentication.
Note: The IOS SSH client must have at least one configured public key algorithm.
• x509v3-ssh-rsa: Certificate-based authentication
• ssh-rsa: Public-key-based authentication

Step 5
Command or Action: Switch(config)# ip ssh server certificate profile
Purpose: Configures server certificate profile and user certificate profile and enters SSH certificate profile configuration mode.

Step 6
Command or Action: Switch(ssh-server-cert-profile)# user
Purpose: Configures user certificate profile and enters SSH server certificate profile user configuration mode.
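
As an added example (not part of the Cisco guide), the following Python script audits saved configuration text for the settings described in the steps above: the publickey authentication method, the x509v3-ssh-rsa public key algorithm and its position in the order, the server profile's signing trustpoint, and OCSP stapling. The sample configuration, its indentation of the profile sub-modes, and the trustpoint name MY-TP are constructed assumptions, not output from a real switch.

```python
import re

# Constructed sample configuration (not from the guide); the indentation of the
# profile sub-modes and the trustpoint name MY-TP are assumptions.
SAMPLE_CONFIG = """\
ip ssh server algorithm authentication publickey keyboard
ip ssh server algorithm publickey x509v3-ssh-rsa ssh-rsa
ip ssh server certificate profile
 server
  trustpoint sign MY-TP
  ocsp-response include
 user
"""

def _keywords(config, prefix):
    """Return the keywords following a global command prefix, or [] if absent."""
    for line in config.splitlines():
        if line.startswith(prefix + " "):
            return line[len(prefix):].split()
    return []

def _server_profile(config):
    """Collect the commands nested under 'server' in the certificate profile."""
    lines, in_profile, in_server = [], False, False
    for line in config.splitlines():
        indent = len(line) - len(line.lstrip(" "))
        text = line.strip()
        if indent == 0:
            in_profile = text == "ip ssh server certificate profile"
            in_server = False
        elif in_profile and indent == 1:
            in_server = text == "server"
        elif in_server and indent >= 2:
            lines.append(text)
    return lines

def audit(config):
    """Return a dict of findings keyed by the check performed."""
    auth = _keywords(config, "ip ssh server algorithm authentication")
    pubkey = _keywords(config, "ip ssh server algorithm publickey")
    server = _server_profile(config)
    sign = [l.split()[2] for l in server if re.fullmatch(r"trustpoint sign \S+", l)]
    return {
        "publickey_auth_enabled": "publickey" in auth,       # Step 3 requirement
        "x509_user_certs_accepted": "x509v3-ssh-rsa" in pubkey,  # Step 4
        "x509_preferred": pubkey[:1] == ["x509v3-ssh-rsa"],  # first in the order
        "server_sign_trustpoint": sign[0] if sign else None,
        "ocsp_stapling": "ocsp-response include" in server,  # off by default
    }

if __name__ == "__main__":
    for check, result in audit(SAMPLE_CONFIG).items():
        print(f"{check}: {result}")
```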