Configuration Example for X.509v3 Certificate-Based SSH Authentication - Cisco Nexus 3600 NX-OS Security Configuration Manual

Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
Configuring SSH and Telnet

Step 11

Command or Action:
    copy running-config startup-config
    Example:
    switch(config)# copy running-config startup-config
Purpose:
    (Optional) Copies the running configuration to the startup configuration.

Configuration Example for X.509v3 Certificate-Based SSH Authentication

The following example shows how to configure SSH authentication using X.509v3 certificates:

configure terminal
username jsmith password 4Ty18Rnt
username jsmith ssh-cert-dn "/O = ABCcompany, OU = ABC1, emailAddress = jsmith@ABCcompany.com, L = Metropolis, ST = New York, C = US, CN = jsmith" rsa
crypto ca trustpoint tp1
crypto ca authentication tp1
crypto ca crl request tp1 bootflash:crl1.crl

show crypto ca certificates
Trustpoint: tp1
CA certificate 0:
subject= /CN=SecDevCA
issuer= /CN=SecDevCA
serial=01AB02CD03EF04GH05IJ06KL07MN
notBefore=Jun 29 12:36:26 2016 GMT
notAfter=Jun 29 12:46:23 2021 GMT
SHA1 Fingerprint=47:29:E3:00:C1:C1:47:F2:56:8B:AC:B2:1C:64:48:FC:F4:8D:53:AF
purposes: sslserver sslclient

show crypto ca crl tp1
Trustpoint: tp1 CRL: Certificate Revocation List (CRL):
    Version 2 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: /CN=SecDevCA
    Last Update: Aug 8 20:03:15 2016 GMT
    Next Update: Aug 16 08:23:15 2016 GMT
    CRL extensions:
        X509v3 Authority Key Identifier:
            keyid:30:43:AA:80:10:FE:72:00:DE:2F:A2:17:E4:61:61:44:CE:78:FF:2A

show user-account
user:user1
    this user account has no expiry date
    roles:network-operator
    ssh cert DN : /C = US, ST = New York, L = Metropolis, O = cisco , OU = csg, CN = user1; Algo: x509v3-sign-rsa

show users
NAME     LINE         TIME         IDLE          PID COMMENT
user1    pts/1        Jul 27 18:43 00:03       18796 (10.10.10.1) session=ssh
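
An added example, not part of the Cisco guide: a Python check that reads the "show crypto ca certificates" and "show crypto ca crl tp1" output from this page and flags a CA certificate outside its validity window, a missing CRL or one past its Next Update, a CRL issuer that differs from the CA subject, and a SHA-1 CRL signature. The function names and finding labels are assumptions made for this example.

```python
import re
from datetime import datetime, timezone

# "show crypto ca certificates" / "show crypto ca crl tp1" output, abridged from this page.
SHOW_OUTPUT = """\
Trustpoint: tp1
CA certificate 0:
subject= /CN=SecDevCA
issuer= /CN=SecDevCA
notBefore=Jun 29 12:36:26 2016 GMT
notAfter=Jun 29 12:46:23 2021 GMT
Trustpoint: tp1 CRL: Certificate Revocation List (CRL):
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: /CN=SecDevCA
    Last Update: Aug  8 20:03:15 2016 GMT
    Next Update: Aug 16 08:23:15 2016 GMT
"""

def _ts(text):
    # OpenSSL-style timestamp; collapse the padding in "Aug  8".
    clean = " ".join(text.split())
    return datetime.strptime(clean, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)

def _field(pattern, output):
    m = re.search(pattern, output, re.MULTILINE)
    return m.group(1).strip() if m else None

def audit_trustpoint(output, now):
    """Return findings (hypothetical labels) for one trustpoint's show output."""
    findings = []
    subject = _field(r"^\s*subject=\s*(.+)$", output)
    not_before = _field(r"^\s*notBefore=(.+)$", output)
    not_after = _field(r"^\s*notAfter=(.+)$", output)
    crl_issuer = _field(r"^\s*Issuer:\s*(.+)$", output)
    next_update = _field(r"^\s*Next Update:\s*(.+)$", output)
    sig_alg = _field(r"^\s*Signature Algorithm:\s*(\S+)", output)
    if not_before and now < _ts(not_before):
        findings.append("ca-not-yet-valid")
    if not_after and now > _ts(not_after):
        findings.append("ca-expired")
    if next_update is None:
        findings.append("crl-missing")
    elif now > _ts(next_update):
        findings.append("crl-stale")  # a newer CRL should have been loaded
    if subject and crl_issuer and subject != crl_issuer:
        findings.append("crl-issuer-mismatch")
    if sig_alg and sig_alg.lower().startswith("sha1"):
        findings.append("crl-sha1-signature")
    return findings
```

Because the CRL in the example is loaded from a file on bootflash, the "crl-stale" finding is the one to watch: the switch only knows the revocations that were in that file.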
