Ssh Authentication Using Digital Certificates - Cisco MDS 9000 Series Configuration Manual
Security
Hide thumbs
Also See for MDS 9000 Series:
- Command reference manual (1464 pages) ,
- Configuration manual (344 pages) ,
- Troubleshooting manual (161 pages)
Table of Contents
Advertisement
SSH Authentication Using Digital Certificates
Displays Server Key-Pair Details
Use the show ssh key command to display the server key-pair details for the specified key or for all
keys, (see the follwoing example).
Note
From Cisco MDS NX-OS Release 8.2(1), the fingerprint value displayed in the output of the show
ssh key [rsa | dsa] command will be in SHA-2 value, as SHA-2 value is considered to be secure
switch# show ssh key
rsa Keys generated:Thu Feb 16 14:12:21 2017
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDQ7si46R6sYsWNBRFV+v662vbY6wmr9QMBU4N+BK8F
Iez+7U+2VRdyz1Mykbb1HF/2zth3ZWuTkrTX+8cMnVdcwlfrvWY3g7CLmq5Wkxkq5PiSHsG9pnKM0ubw
Unqc4HYrjEiwJKAR2OBAylfH1ajf7wYGQbOiTQMeMyo2nQK8yQ==
bitcount:1024
fingerprint:
SHA256:D4F+Tl7R3fVunGz9A4GKGLWMQ0r4YRbzf5GfNwy1neg
**************************************
dsa Keys generated:Tue Feb 28 07:47:04 2017
ssh-dss AAAAB3NzaC1kc3MAAACBAJan5V/6YiKQZG2SCChmn9Mu5EbUQoTuCDyTCIYM35ofzh+dEALU
11XZrkGl7V2Hfbgp57dcTya1gjeNOzwU32oOvbA8osJ3BWpIePkZv+/t0feOz4LUhBz85ccmQeLJQ86R
UeJ6pAFsq+yk4XB/l5qMv9SN/QY0/95gCIDt8Uq7AAAAFQDZUMiLvTZwIwajLdu8OtLfB1vmuwAAAIAE
7rIwgUlrDTqmzvRdrmayYM2cGfwL4x+8gGpGe2kZoedFzv4vmmW2npD0E8qTWs4nD0k7cioTjdgLXQoZ
yaQIpIEtd+qS8NHuCrtRguVuDDCEOMTlhwNwL0iCHm08YgJIR3ho+V/nm5ko4kp7jA5eOh/9P/Rr4hCO
aZBNxPcSewAAAIBhcNhaVDYvEri7JCH8DbiZr30z2P3PpIQ8YWpHcOE7CBXkp++HjMFUKd9HJlIwd4bA
81tTkTfSxkPBc9ocHOv1vusVufj423HFjcBIODixY76gJzqlt3aNs54MDfiYxyJLh6yp6LZffDn4t2HF
x7tZSb4UJQKHdNR05d63Pybdbg==
bitcount:1024
fingerprint:
SHA256:kbHB73ZEhZaqJp/J68f1nfN9pJaQUkdHt0iKJc0c+Ao
Note
If you are logging in to a switch through SSH and you have issued the aaa authentication login
default none CLI command, you must enter one or more key strokes to log in. If you press the
Enter key without entering at least one keystroke, your log in will be rejected.
SSH Authentication Using Digital Certificates
SSH authentication on the Cisco MDS 9000 Family switches provide X.509 digital certificate support for
host authentication. An X.509 digital certificate is a data item that vouches for the origin and integrity of a
message. It contains encryption keys for secured communications and is "signed" by a trusted certification
authority (CA) to verify the identity of the presenter. The X.509 digital certificate support provides either
DSA or RSA algorithms for authentication.
The certificate infrastructure uses the first certificate that supports the Secure Socket Layer (SSL) and is
returned by the security infrastructure, either through query or notification. Verification of certificates is
successful if the certificates are from any of the trusted CAs.
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
162
Configuring SSH Services
Advertisement
Chapters
Table of Contents
