Configuring IOS devices for SSH using Public/Private RSA keys in Windows | (CCIE Notes)


Configuration on the IOS router:

hostname R1
ip domain-name networkology.net
!
crypto key generate rsa general-keys label SSH-KEYS exportable modulus 1024
crypto key encrypt write rsa name SSH-KEYS passphrase cisco123
!
ip ssh version 2
ip ssh rsa keypair-name SSH-KEYS
ip ssh pubkey-chain 
 username admin
 key-string
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDiAYCMQauVa3SL4x256cWed7PCmSoO4Qq+ONaq
 CVlBtVK3deu7G2+JBdY3nn9YagpULOVJQv60irqpeo8UtC3Obwoz8mP4C/Y4AB7IP3AA
 X2QqbzboyRGFEvfqvNVT1diDVMrAe1TIXeiiFa/wogsR8oFxu1oR8NUUbPW9HS4BAw==
 exit
 exit
exit

– The RSA key pair is generated as exportable so you can copy it and keep it in a secure location for future use. An exportable key can also be exported by anyone who gains enough privilege on the device, so protect the saved copy and use a real passphrase instead of the placeholder cisco123.
– A 1024-bit modulus is used here; 2048 bits or more is the current recommendation for an RSA host key (IOS only requires at least 768 bits for SSH version 2).
– The ‘key-string’ under the username ‘admin’ is the public key of the user’s PC, pasted in chunks. IOS does not keep the pasted text; show running-config shows it as key-hash ssh-rsa followed by the MD5 digest of the decoded key.
– The vty lines must accept SSH as an input transport (transport input ssh, which also turns off Telnet); that part of the line configuration is not shown above.

Generating public keys on a Windows host machine:

Note: I have used SecureCRT to generate the key pair. You can also use PuTTYgen to achieve the same.

1. Quick Connect to the IOS router, select PublicKey as the authentication method and click on Properties…

Quick Connect

2. Click on Create Identity File…

Create Identity File

3. Click Next

Click Next

4. Select RSA from the drop-down menu

Select RSA keys

5. Enter a passphrase to encrypt the private key. This is not required but strongly recommended: without it, anyone who obtains the Identity file can log in to the router as admin. The comment can be left empty or set to anything you like.

Encrypt Private Key

6. Specify the key length (2048 bits or more is the current recommendation)

Key Length

7. Move your cursor in the blank space of the window to generate random input which will be used during key generation.

Random input for key generation

8. You cannot change the location of the public key, but you can specify where to save the private key. Default locations of the private and public key (on Windows XP, as used here):

C:\Documents and Settings\Administrator\Application Data\VanDyke\Identity
C:\Documents and Settings\Administrator\Application Data\VanDyke\Identity.pub

Key location

9. Say ‘No’ when asked to upload the key to the router. IOS has no key-upload service; the public key is installed by hand in the steps below.

Decline the key upload

10. Open the public key file Identity.pub. SecureCRT writes it in the SSH2 public key layout (RFC 4716): BEGIN/END lines, an optional Comment header and the base64-encoded key body.

Original Identity.pub file

11. Add ssh-rsa in front of the base64 key body as shown below and copy the selected text. The body is the encoded public key, not an encrypted string; it contains no secret.

Add ssh-rsa to the key body

12. Paste the copied text under key-string for the username on the router, as shown below:

Paste the key-string

13. Click on Connect in the Quick Connect window

Connect to the IOS router

14. You have now successfully authenticated to the IOS router using RSA keys. Save the session so that SecureCRT remembers the identity file and you are not asked for the authentication settings again (you will still be asked for the private key passphrase if you set one).

Successfully SSHed to the IOS router using RSA keys
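As an added example (not part of the original post and not code from VanDyke or Cisco), the Python script below does steps 10 to 12 without the cut and paste: it reads an Identity.pub in the SSH2/RFC 4716 layout SecureCRT writes (or an OpenSSH one-line ssh-rsa key), decodes the key to confirm it really is RSA and to report the modulus size, emits the lines to paste under key-string in the chunked style used in the configuration above, and computes the MD5 value that IOS shows as key-hash ssh-rsa in the running configuration, so the paste can be verified afterwards. The sample file is constructed around the public key from the router configuration above; its Comment header is made up, and the 68-character chunk width is a choice for readability, not an IOS requirement.

```python
import base64
import hashlib
import struct

# Constructed sample input: an RFC 4716 ("SSH2 PUBLIC KEY") file of the kind
# SecureCRT writes as Identity.pub, wrapped around the public key that appears
# in the router configuration above. The Comment header is made up.
SAMPLE_IDENTITY_PUB = """\
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "1024-bit rsa, admin@pc"
AAAAB3NzaC1yc2EAAAADAQABAAAAgQDiAYCMQauVa3SL4x256cWed7PCmSoO4Qq+ONaq
CVlBtVK3deu7G2+JBdY3nn9YagpULOVJQv60irqpeo8UtC3Obwoz8mP4C/Y4AB7IP3AA
X2QqbzboyRGFEvfqvNVT1diDVMrAe1TIXeiiFa/wogsR8oFxu1oR8NUUbPW9HS4BAw==
---- END SSH2 PUBLIC KEY ----
"""

CHUNK = 68  # line width for the pasted key-string; a choice, not an IOS limit


def key_body(text):
    """Return the base64 key body from an RFC 4716 file or an OpenSSH one-liner."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if lines and lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        body, in_header = [], False
        for line in lines[1:]:
            if line.startswith("---- END"):
                break
            # Header lines look like "Name: value" and may continue on the
            # next line after a trailing backslash; base64 never has a colon.
            if in_header or ":" in line:
                in_header = line.endswith("\\")
            else:
                body.append(line)
        return "".join(body)
    parts = lines[0].split() if lines else []
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("expected an RFC 4716 file or an 'ssh-rsa ...' line")
    return parts[1]


def parse_ssh_rsa(blob):
    """Decode the SSH wire encoding: string 'ssh-rsa', mpint e, mpint n."""
    def read_string(off):
        if off + 4 > len(blob):
            raise ValueError("truncated key blob")
        (length,) = struct.unpack(">I", blob[off:off + 4])
        end = off + 4 + length
        if end > len(blob):
            raise ValueError("truncated key blob")
        return blob[off + 4:end], end

    ktype, off = read_string(0)
    e_bytes, off = read_string(off)
    n_bytes, off = read_string(off)
    if ktype != b"ssh-rsa" or off != len(blob):
        raise ValueError("not a well-formed ssh-rsa public key blob")
    return int.from_bytes(e_bytes, "big"), int.from_bytes(n_bytes, "big")


def inspect_public_key(text):
    """Validate the key and produce everything the IOS side needs."""
    body = key_body(text)
    blob = base64.b64decode(body, validate=True)
    e, n = parse_ssh_rsa(blob)
    chunks = [body[i:i + CHUNK] for i in range(0, len(body), CHUNK)]
    chunks[0] = "ssh-rsa " + chunks[0]   # the prefix added by hand in step 11
    return {
        "body": body,
        "e": e,
        "bits": n.bit_length(),
        "weak": n.bit_length() < 2048,
        "key_string_lines": chunks,
        # IOS keeps the key in the running configuration as
        # "key-hash ssh-rsa <MD5 of the decoded blob>", the same value
        # "ssh-keygen -E md5 -lf Identity.pub" prints without the colons.
        "key_hash": hashlib.md5(blob).hexdigest().upper(),
    }


def ios_snippet(username, info):
    """Render the ip ssh pubkey-chain fragment for the given username."""
    out = ["ip ssh pubkey-chain", f" username {username}", "  key-string"]
    out += ["   " + line for line in info["key_string_lines"]]
    out += ["  exit", " exit", "exit"]
    return "\n".join(out)


if __name__ == "__main__":
    info = inspect_public_key(SAMPLE_IDENTITY_PUB)
    print(f"RSA e={info['e']} modulus={info['bits']} bits"
          + ("  (below 2048 bits, consider regenerating)" if info["weak"] else ""))
    print(ios_snippet("admin", info))
    print(f"expect in show running-config: key-hash ssh-rsa {info['key_hash']}")
```

Run it against the real Identity.pub, paste the printed fragment into the router, and compare the key-hash line from show running-config with the printed value: if they differ, a character was lost or altered in the paste and the login will fail with no useful error on the client side. The script refuses anything that is not an ssh-rsa key, since ip ssh pubkey-chain on this platform only takes RSA keys.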

Bookmark to follow my CCIE Security v4 journey –> https://networkology.net/tag/ccie
