For When You Can't Have The Real Thing
start > Cisco > ASA > 9.8 > SSH pubkey authentication

SSH pubkey authentication

Created by dave. Last edited by dave, 27 days ago.
(2020-09-25)

Problem

How do you set up an ASA to accept an SSH public key?

Solution

Create an SSH key as normal.

Create the Base64-encoded public key that the ASA wants:

$ ssh-keygen -e -f id_rsa.pub
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "4096-bit RSA, converted by rancid@netmanager.myco.local"
[Base64-encoded key data]
---- END SSH2 PUBLIC KEY ----
$

Copy the key to your clipboard.

On the ASA, add the public key to your user:

ciscoasa(config)# username test attributes
ciscoasa(config-username)# ssh authentication pkf
Enter an SSH public key formatted file.
End with the word "quit" on a line by itself:
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "4096-bit RSA, converted by ramona@rboersma-mac from OpenSSH"
[Base64-encoded key data]
---- END SSH2 PUBLIC KEY ----
quit
INFO: Import of an SSH public key formatted file completed successfully.
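
A pre-paste check for the steps above, as an added example (not part of the original page and not Cisco tooling): it parses the `ssh-keygen -e` output (RFC 4716 format), confirms the marker lines and Base64 body survived the clipboard, and returns the key type, RSA size and SHA256 fingerprint to compare against `ssh-keygen -lf id_rsa.pub`. The function names and the sample key are constructed for illustration.

```python
import base64, hashlib, struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def read_string(blob, off):
    """Read one SSH wire-format string (uint32 length + bytes)."""
    if off + 4 > len(blob):
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    if off + 4 + n > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:off + 4 + n], off + 4 + n

def inspect_pkf(text):
    """Validate an RFC 4716 block; return (key type, RSA bits or None, fingerprint)."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing BEGIN/END marker lines")
    body, i = lines[1:-1], 0
    # Skip header lines ("Tag: value"); a trailing backslash continues the header.
    while i < len(body) and ":" in body[i]:
        while body[i].endswith("\\") and i + 1 < len(body):
            i += 1
        i += 1
    if any(len(l) > 72 for l in body[i:]):
        raise ValueError("key data line longer than 72 characters")
    blob = base64.b64decode("".join(body[i:]), validate=True)
    ktype, off = read_string(blob, 0)
    bits = None
    if ktype == b"ssh-rsa":
        _e, off = read_string(blob, off)      # public exponent
        n, off = read_string(blob, off)       # modulus
        bits = int.from_bytes(n, "big").bit_length()
    fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ktype.decode(), bits, "SHA256:" + fp

def sample_pkf():
    """Constructed sample: NOT a real key, only a well-formed 2048-bit ssh-rsa blob."""
    s = lambda b: struct.pack(">I", len(b)) + b
    n = b"\x00" + ((1 << 2047) | 1).to_bytes(256, "big")  # mpint with leading zero
    b64 = base64.b64encode(s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(n)).decode()
    rows = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join([BEGIN, 'Comment: "constructed sample"'] + rows + [END])

if __name__ == "__main__":
    print(inspect_pkf(sample_pkf()))
```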

Commentary

Fantastic -- but you still have to remember the enable password.
