Cisco IOS ssh setup to use with Pragma SSH Server

Cisco IOS Release 15.1(1)S or later has the "ip ssh pubkey-chain" and related commands for public key login to Cisco IOS routers. Pragma SSH servers and clients fully interoperate with Cisco IOS SSH and SCP servers and clients. At customer request, Pragma added DoD CAC and smartcard X.509 v3 certificate support to the Pragma ssh command-line and GUI clients, so they can log in to Cisco routers using ssh publickey authentication. Password login has always worked.

The following command snippets show how to set up Cisco IOS routers and switches to enable ssh and public key login. The IOS command "config terminal", or "config t" for short, enters sysadmin config mode in Cisco IOS. In the Pragma lab for Cisco testing, we have used Cisco 2900 series routers and 880 series routers.

config t // configure the 2900 series router's dhcp, hostname
hostname cisco2901
ip domain name domain_name
interface GigabitEthernet0/0
ip address dhcp client-id GigabitEthernet0/0
duplex auto
speed auto
control-z

config t // add 2 test users and enable ssh (and telnet, if desired; telnet sends logins in cleartext)
username test1 privilege 15 secret test1
username test2 privilege 15 secret test2
line vty 0 4
transport input telnet ssh
control-z

config t // add public key to a Cisco login account
ip ssh pubkey-chain
username test1
key-string
ssh-rsa publickeyline1 // best to copy the public key and paste it in
line2
line3
...
exit
Control-Z
show run | b ip ssh pu // to see the public key entered; 2 keys per account are allowed
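
Added example (not part of the original page and not Pragma or Cisco code): a Python helper that checks an OpenSSH-format public key line for paste damage and splits it into short lines for entry under key-string, as in the snippet above. The function names, the 72-character line width and the idea that the hash IOS displays for a stored key is the MD5 of the decoded key blob are assumptions.

```python
import base64, hashlib, struct

def ios_pubkey_config(username, pubkey_line, width=72):
    """Return (config_lines, md5_hex) for one OpenSSH-format public key line."""
    if not username or any(c.isspace() for c in username):
        raise ValueError("username must be a single token")  # no injected lines
    parts = pubkey_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    if key_type != "ssh-rsa":            # the page's snippet enrolls an ssh-rsa key
        raise ValueError("only ssh-rsa keys are handled in this example")
    # validate=True rejects a truncated or garbled paste instead of ignoring it
    blob = base64.b64decode(b64, validate=True)
    # The key blob begins with a length-prefixed copy of the type name (RFC 4253)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match the key blob")
    body = f"{key_type} {b64}"           # the trailing comment field is dropped
    chunks = [body[i:i + width] for i in range(0, len(body), width)]
    config = ["ip ssh pubkey-chain", f"username {username}", "key-string",
              *chunks, "exit"]
    # Assumption: the hash IOS shows for a stored key is the MD5 of this blob
    fingerprint = hashlib.md5(blob, usedforsecurity=False).hexdigest().upper()
    return config, fingerprint

def sample_pubkey_line():
    """Constructed sample (dummy modulus, not a real key) in ssh-rsa wire format."""
    mp = lambda b: struct.pack(">I", len(b)) + b
    blob = mp(b"ssh-rsa") + mp(b"\x01\x00\x01") + mp(b"\x00" + b"\xc3" * 256)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " test1@lab"

if __name__ == "__main__":
    config, fingerprint = ios_pubkey_config("test1", sample_pubkey_line())
    print("\n".join(config))
    print("MD5 of key blob:", fingerprint)
```

Enter the printed lines after "config t", finish with Control-Z as in the snippet above, and compare the fingerprint with what the show run command reports.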

config t
ip ssh pubkey-chain
no username test1 // to delete a user's public keys
exit
control-z

config t
no boot system
boot system flash:2900data-uiversalk9_m3.bin
control-z
write memory // write changes to config permanently
reload // shutdown and reload the configuration saved above

// Connect to Cisco IOS using Pragma SSH client
ssh -l test1 cisco2901 // or use FortressCL
// From Cisco IOS console, connect to a Windows machine running PragmaSSH
ssh -l test1 winmachine

// in IOS, Copy file to Cisco router from a Windows machine using scp
copy scp://test1@winmachine/c:/save/t1.txt t1.txt
// Do the same using a windows domain account and keep the target name the same
copy scp://pragmasys\\johndoe@winmachine/c:/save/t1.txt .

// in IOS, Copy file to a Windows machine using scp from a Cisco router
copy t1.txt scp://test1@winmachine/c:/save/t1.txt
// Do the same using a windows domain account and keep the target name the same
copy t1.txt scp://pragmasys\\johndoe@winmachine/c:/save/.

// other useful IOS commands
show inventory
show version // shows IOS version, boot file name, system up time, etc
who
show configuration
show run // shows current run time configuration
show file system
shell processing full
uname -a // show operating system version details

Download Pragma SSH Client to obtain Pragma SSH/SFTP/SCP graphical and command line clients. Since Pragma SSH Server includes one license of our SSH Client package, one can also download the server package to connect to Cisco IOS devices. All our downloads are available for evaluation at: http://www.pragmasys.com/products/try
