Adding SSH Authorized Public Keys - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

Configuration guide

Configuring SSH
Step 6 View the key for a specific IP address:
sensor# show ssh host-keys 10.16.0.0
1024 35
139306213541835240385332922253968814685684523520064131997839905113640120217816869696708721
704631322844292073851730565044879082670677554157937058485203995572114631296604552161309712
601068614812749969593513740598331393154884988302302182922353335152653860589163651944997842
874583627883277460138506084043415861927
MD5: 49:3F:FD:62:26:58:94:A3:E9:88:EF:92:5F:52:6E:7B
Bubble Babble: xebiz-vykyk-fekuh-rukuh-cabaz-paret-gosym-serum-korus-fypop-huxyx
sensor#
Step 7 Remove an entry:
sensor(config)# no ssh host-key 10.16.0.0
The host is removed from the SSH known hosts list.
Step 8 Verify the host was removed:
sensor(config)# exit
sensor# show ssh host-keys
The IP address no longer appears in the list.

Adding SSH Authorized Public Keys

Use the ssh authorized-key command to define public keys for a client allowed to use RSA
authentication to log in to the local SSH server.
The following options apply:
id—1 to 256-character string that uniquely identifies the authorized key. You can use numbers, "_," and "-," but spaces and "?" are not acceptable.
key-modulus-length—An ASCII decimal integer in the range [511, 2048].
public-exponent—An ASCII decimal integer in the range [3, 2^32].
public-modulus—An ASCII decimal integer, x, such that (2^(key-modulus-length-1)) < x < (2^(key-modulus-length)).
Each user who can log in to the sensor has a list of authorized public keys. An SSH client with access to
any of the corresponding RSA private keys can log in to the sensor as the user without entering a
password.
Use an RSA key generation tool on the client where the private key is going to reside. Then, display the
generated public key as a set of three numbers (modulus length, public exponent, public modulus) and
enter those numbers as parameters for the ssh authorized-key command.
Note You configure your own list of SSH authorized keys. An administrator cannot manage the list of SSH
authorized keys for other users on the sensor.
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
4-32
Chapter 4
Initial Configuration Tasks
78-16527-01
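As an added example (not taken from the Cisco guide), the following Python check takes a public key displayed as three numbers and tests the id, modulus length, exponent and modulus against the ranges listed for ssh authorized-key before anything is typed into the sensor. The function name, key id and sample numbers are constructed, and the argument order in the generated command is assumed to follow the order in which the options are listed.

```python
# Added example: check an SSH1-style RSA public key against the documented ranges.
MAX_DIGITS = 617  # decimal digits in 2^2048, the largest modulus allowed


def check_authorized_key(key_id, pub_line):
    """Return (errors, command); pub_line is 'bits exponent modulus [comment]'."""
    errors = []
    if not 1 <= len(key_id) <= 256:
        errors.append("id must be 1 to 256 characters")
    if " " in key_id or "?" in key_id:
        errors.append("id must not contain spaces or '?'")

    fields = pub_line.split()[:3]
    if len(fields) < 3 or not all(
        f.isascii() and f.isdigit() and len(f) <= MAX_DIGITS for f in fields
    ):
        return errors + ["expected three ASCII decimal integers"], None
    bits, exponent, modulus = (int(f) for f in fields)

    if not 511 <= bits <= 2048:
        errors.append("key-modulus-length outside [511, 2048]")
    elif not (1 << (bits - 1)) < modulus < (1 << bits):
        # The stated length must be the real bit length of the modulus.
        errors.append("public-modulus does not match key-modulus-length")
    if not 3 <= exponent <= 2**32:
        errors.append("public-exponent outside [3, 2^32]")
    if errors:
        return errors, None
    # Assumption: arguments follow the command in the order the options are listed.
    return [], f"ssh authorized-key {key_id} {bits} {exponent} {modulus}"


# Constructed sample, not a real key: a 1024-bit number chosen only to fit the ranges.
SAMPLE_MODULUS = (1 << 1023) + (1 << 512) + 1
SAMPLE_LINE = f"1024 35 {SAMPLE_MODULUS} admin@client"

if __name__ == "__main__":
    problems, command = check_authorized_key("admin-laptop_1", SAMPLE_LINE)
    print(problems or command)
```

A stated length that does not match the modulus is the most common transcription error this catches, for example a digit dropped while copying the modulus by hand.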
