Cisco Nexus 9000 Series Configuration Manual page 166

NX-OS Security Configuration Guide, Release 9.x

Configuring X.509v3 Certificate-Based SSH Authentication
DETAILED STEPS

Step 1
Command or Action: configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters global configuration mode.

Step 2
Command or Action: username user-id [password [0 | 5] password]
Example:
switch(config)# username jsmith password 4Ty18Rnt
Purpose: Configures a user account. The user-id argument is a case-sensitive, alphanumeric character string with a maximum length of 28 characters. Valid characters are uppercase letters A through Z, lowercase letters a through z, numbers 0 through 9, hyphen (-), period (.), underscore (_), plus sign (+), and equal sign (=). The at symbol (@) is supported in remote usernames but not in local usernames.
Usernames must begin with an alphanumeric character.
The default password is undefined. The 0 option indicates that the password is clear text, and the 5 option indicates that the password is encrypted. The default is 0 (clear text).
Note: If you do not specify a password, the user might not be able to log in to the Cisco NX-OS device.
Note: If you create a user account with the encrypted password option, the corresponding SNMP user will not be created.

Step 3
Command or Action: username user-id ssh-cert-dn dn-name {dsa | rsa}
Example:
switch(config)# username jsmith ssh-cert-dn "/O = ABCcompany, OU = ABC1, emailAddress = jsmith@ABCcompany.com, L = Metropolis, ST = New York, C = US, CN = jsmith" rsa
Purpose: Specifies an SSH X.509 certificate distinguished name and DSA or RSA algorithm to use for authentication for an existing user account. The distinguished name can be up to 512 characters and must follow the format shown in the examples. Make sure the email address and state are configured as emailAddress and ST, respectively.

Step 4
Command or Action: [no] crypto ca trustpoint trustpoint
Example:
switch(config)# crypto ca trustpoint winca
switch(config-trustpoint)#
Purpose: Configures a trustpoint.
Note: Before you delete a trustpoint using the no form of this command, you must first delete the CRL and CA certificate, using the delete crl and delete ca-certificate commands.

Step 5
Command or Action: crypto ca authenticate trustpoint
Example:
switch(config-trustpoint)# crypto ca authenticate winca
Purpose: Configures a CA certificate for the trustpoint.
Note: To delete a CA certificate, enter the delete ca-certificate command in the trustpoint configuration mode.

Step 6
Command or Action: (Optional) crypto ca crl request trustpoint bootflash:static-crl.crl
Purpose: This command is optional but highly recommended. Configures the certificate revocation list (CRL) for the trustpoint. The CRL file is a snapshot of the list of revoked
Configuring SSH and Telnet
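
An added example, not taken from the Cisco guide: a pre-deployment check that tests a Step 3 username ... ssh-cert-dn line against the limits stated in the Purpose text for Steps 2 and 3 (user-id length and character set, the 512-character DN limit, emailAddress and ST attribute names). The function name lint_ssh_cert_dn, the ALIASES table and the BAD sample line are assumptions constructed for illustration.

```python
import re

# Limits below come from the Purpose text for Steps 2 and 3 on this page.
MAX_USER_LEN, MAX_DN_LEN = 28, 512
USER_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.+=_-]*")
CMD_RE = re.compile(r'username\s+(\S+)\s+ssh-cert-dn\s+"([^"]*)"\s+(\S+)\s*$')
# Assumption: alias spellings that other tools may emit for these attributes.
ALIASES = {"E": "emailAddress", "EMAIL": "emailAddress", "S": "ST", "STATE": "ST"}

GOOD = ('username jsmith ssh-cert-dn "/O = ABCcompany, OU = ABC1, '
        'emailAddress = jsmith@ABCcompany.com, L = Metropolis, '
        'ST = New York, C = US, CN = jsmith" rsa')  # the page's own example
BAD = ('username -ops ssh-cert-dn "/O = ExampleCo, E = ops@example.invalid, '
       'S = New York, CN = ops" ecdsa')  # constructed sample


def lint_ssh_cert_dn(line):
    """Return the problems found in one 'username ... ssh-cert-dn' line."""
    m = CMD_RE.search(line)
    if not m:
        return ['expected: username <user-id> ssh-cert-dn "<dn>" {dsa | rsa}']
    user, dn, algo = m.groups()
    problems = []
    if len(user) > MAX_USER_LEN:
        problems.append(f"user-id longer than {MAX_USER_LEN} characters")
    if "@" in user:
        problems.append("'@' is not supported in local usernames")
    elif not USER_RE.fullmatch(user):
        problems.append("user-id has an invalid character or first character")
    if algo not in ("dsa", "rsa"):
        problems.append(f"algorithm must be dsa or rsa, got {algo!r}")
    if len(dn) > MAX_DN_LEN:
        problems.append(f"distinguished name longer than {MAX_DN_LEN} characters")
    # Split into 'KEY = value' components as laid out in the page's example.
    # Limitation: a comma inside a value is reported as a malformed component.
    for part in dn.lstrip("/").split(","):
        key, sep, value = (s.strip() for s in part.partition("="))
        if not (key and sep and value):
            problems.append(f"malformed DN component {part.strip()!r}")
        elif key.upper() in ALIASES:
            problems.append(f"use {ALIASES[key.upper()]} instead of {key}")
    return problems


if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(sample.split()[1], lint_ssh_cert_dn(sample) or "ok")
```

The check covers only the constraints written on this page; it does not confirm that the DN matches the subject of the certificate the user will present.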
