Consolidated Platform Configuration Guide, Cisco Ios Release 15.2(4)E (Catalyst 2960-X Switches - Cisco Catalyst 2960 series Configuration Manual

Command or Action
Step 5
crypto key generate rsa
Example:
host1(config)# crypto key generate rsa
Step 6 ip ssh pubkey-chain
Example:
host1(config)# ip ssh pubkey-chain
Step 7
server server-name
Example:
host1(conf-ssh-pubkey)# server server1
Step 8 key-string
Example:
host1(conf-ssh-pubkey-server)#
key-string
Step 9
exit
Example:
host1(conf-ssh-pubkey-data)# exit
Step 10 key-hash key-type key-name
Example:
host1(conf-ssh-pubkey-server)# key-hash
ssh-rsa key1
Step 11
end
Example:
host1(conf-ssh-pubkey-server)# end
Purpose
Generates RSA key pairs.
Configures SSH-RSA keys for user and server authentication on the
SSH server and enters public-key configuration mode.
Enables the SSH server for public-key authentication on the device
and enters public-key server configuration mode.
Specifies the RSA public-key of the remote peer and enters public
key data configuration mode.
Note
Exits public-key data configuration mode and enters public-key server
configuration mode.
(Optional) Specifies the SSH key type and version.
Note
Exits public-key server configuration mode and returns to privileged
EXEC mode.

Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)

How to Configure Secure Shell Version 2 Support
You can obtain the public key value from an open SSH
client; that is, from the .ssh/id_rsa.pub file.
• The key type must be ssh-rsa for the configuration of
private/public key pairs.
• This step is optional only if the key-string command is
configured.
• You must configure either the key-string command or the
key-hash command.
You can use a hashing software to compute the hash of the
public key string, or you can copy the hash value from
another Cisco device. Entering the public key data using the
key-string command is the preferred way to enter the public
key data for the first time.
1099