Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

passwordless cisco router SSH login

Posted on 2011-10-06
6
Medium Priority
?
1,562 Views
Last Modified: 2012-05-12
Hello,

How do I setup passwordless SSH authentication to login to my cisco router? Do I need k9 IOS?

Thanks!
0
Comment
Question by:chainfear
  • 3
  • 2
6 Comments
 
LVL 37

Accepted Solution

by:
ArneLovius earned 1000 total points
ID: 36926097
you need a fairly up to date IOS and it needs to have 3DES support

http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_secure_shell_v2.html
0
 
LVL 18

Expert Comment

by:Jimmy Larsson, CISSP, CEH
ID: 36926132
Passwordless SSH is not supported since any username created needs to have a password.

Best regards
Kvistofta


0
 

Author Comment

by:chainfear
ID: 36926192
If I want to write a script that do something with cisco router/switch,do I need to put the password in clear text? Is there anyway to avoid that? This is why I am asking for passwordless SSH into a router.

Thanks for all the efforts
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 18

Assisted Solution

by:Jimmy Larsson, CISSP, CEH
Jimmy Larsson, CISSP, CEH earned 1000 total points
ID: 36926230
Yes you do. If you are concerned with using a password that can be seen in a script, you should be even more concerned with allowing anyone login to your device without using a password.

If possible, make sure that your script is not readable by anyone tha shouldnt be allowed to see the password.

/Kvistofta
0
 
LVL 37

Expert Comment

by:ArneLovius
ID: 36926276
Once you have setup key based auth, your connection would be in the form of user@host, no password is used.

the password is in effect the public key ssh key on the host that you are connecting from, so keeping the private key secure is important (usually in ~.ssh/ but no password is required to be in the script

@Kvistofta there is no password with key based auth see how the hash of the id_rsa.pub is used http://blog.ioshints.info/2009/10/ssh-rsa-authentication-works-in-ios.html
0
 
LVL 18

Expert Comment

by:Jimmy Larsson, CISSP, CEH
ID: 36926321
Yes you are right but the effect is the same: The user running the script needs to have access to the private key.

0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question