From: Tilman Schmidt on 18 Apr 2008 22:04

Greg Andrews wrote:
> Cisco very likely has a method to store the public key for an account
> to allow non-password logins. It's probably not adding the key text
> to a file in a subdirectory, but something else.

Sorry to disappoint you but no. Cisco does not support public key authentication for ssh, period.

> Has anyone consulted the Cisco documentation yet? (I don't have them
> in front of me at the moment)

Yes, indeed I have.

From: Dave Uhring on 18 Apr 2008 23:18

On Sat, 19 Apr 2008 04:04:44 +0200, Tilman Schmidt wrote:
> Greg Andrews wrote:
>> Cisco very likely has a method to store the public key for an account
>> to allow non-password logins. It's probably not adding the key text to
>> a file in a subdirectory, but something else.
>
> Sorry to disappoint you but no. Cisco does not support public key
> authentication for ssh, period.

LOL! The authors of RFC4252, The Secure Shell (SSH) Authentication Protocol, which *mandates* public key authentication are T. Ylonen of SSH Communications Security Corp and C. Lonvick, Ed. of Cisco Systems, Inc.

From: Greg Menke on 19 Apr 2008 01:37

"Richard B. Gilbert" <rgilbert88(a)comcast.net> writes:
>>
>> If not in a file then where? RFC4252 states that public key
>> authentication is *required* in any SSH implementation and that key
>> must be kept someplace.
>>
>> I suppose that Cisco could, at least theoretically, keep the public
>> key stored in a condom attached to an RJ45 port :
>
>
> The last time I looked, routers did not come equipped with disk drives!
> No file system! Or, at least, none in the usual sense of the
> expression. It does have flash PROM, NVRAM, or some reasonable
> facsimile where it can store things like passwords and public or private
> keys, configuration info, etc. I think floppy disks have more storage!!

Even back in the 10baseT days Cisco routers had nvram to which configs could be saved, plenty of room for keys if they couldn't be stored in the running-config for some reason.

Gregm

From: Tilman Schmidt on 19 Apr 2008 13:16

Dave Uhring wrote:
> On Sat, 19 Apr 2008 04:04:44 +0200, Tilman Schmidt wrote:
>> Greg Andrews wrote:
>>> Cisco very likely has a method to store the public key for an account
>>> to allow non-password logins. It's probably not adding the key text to
>>> a file in a subdirectory, but something else.
>> Sorry to disappoint you but no. Cisco does not support public key
>> authentication for ssh, period.
>
> LOL! The authors of RFC4252, The Secure Shell (SSH) Authentication
> Protocol, which *mandates* public key authentication are T. Ylonen of SSH
> Communications Security Corp and C. Lonvick, Ed. of Cisco Systems, Inc.

Yes. Sad, isn't it? One of my most longstanding gripes with Cisco. But technically they do not claim conformance with that RFC, so you can't sue them for it. OTOH, RFC4252 is only a bit over two years old, so perhaps there's still hope.

From: Dave Uhring on 19 Apr 2008 13:57

On Sat, 19 Apr 2008 19:16:07 +0200, Tilman Schmidt wrote:
> Dave Uhring wrote:
>> LOL! The authors of RFC4252, The Secure Shell (SSH) Authentication
>> Protocol, which *mandates* public key authentication are T. Ylonen of SSH
>> Communications Security Corp and C. Lonvick, Ed. of Cisco Systems, Inc.
> OTOH, RFC4252 is only a bit over two years old, so perhaps there's still
> hope.

Curiously neither Theo de Raadt's name nor any other name from the OpenBSD project appears in those documents. Is this another OOXML-like attempt at establishing a single provider standard?