Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
480
Views
0
Helpful
1
Replies

Authenticate Users with Certificates on Switches

Cappoman
Level 1
Level 1

ā€Ž12-18-2018 09:58 AM

Hello,

I'm trying to enable user certificate based authentication on a switch.  I've read the paper here about x509.v3 certificates and things are not quite clear.  The sh ip ssh command confirms that we are using x509.v3 hostkey algorithms. 

 

Once I configure the Certificates for User Authentication portion of the paper will our local accounts still be accessible?  I'm thinking they will be locked out once certificate based authentication is configured for users. 

 

Thanks in advance.

 

 

Labels:
0 Helpful
1 Reply 1

hslai
Cisco Employee
Cisco Employee

ā€Ž12-18-2018 06:55 PM - edited ā€Ž12-22-2018 06:02 PM

I've not tried this myself, but it seems depending on this configuration command ip ssh server algorithm authentication at Configuring Digital Certificates for User Authentication 

Step 3

ip ssh server algorithm authentication {publickey | keyboard | password }

Example:

Switch(config)# ip ssh server algorithm authentication publickey

Defines the order of user authentication algorithms. Only the configured algorithm is negotiated with the Secure Shell (SSH) client.

Note 
  • The IOS SSH server must have at least one configured user authentication algorithm.
  • To use the certificate method for user authentication, the publickey keyword must be configured.

 

 

0 Helpful
Customers Also Viewed These Support Documents