
Authenticate Users with Certificates on Switches

Cappoman
Level 1

Hello,

I'm trying to enable user certificate-based authentication on a switch. I've read the paper here about x509.v3 certificates and things are not quite clear. The sh ip ssh command confirms that we are using x509.v3 hostkey algorithms.

 

Once I configure the Certificates for User Authentication portion of the paper, will our local accounts still be accessible? I'm thinking they will be locked out once certificate-based authentication is configured for users.

 

Thanks in advance.

 

 

1 Reply

hslai
Cisco Employee

I've not tried this myself, but it seems to depend on this configuration command, ip ssh server algorithm authentication, at Configuring Digital Certificates for User Authentication:

Step 3

ip ssh server algorithm authentication {publickey | keyboard | password }

Example:

Switch(config)# ip ssh server algorithm authentication publickey

Defines the order of user authentication algorithms. Only the configured algorithm is negotiated with the Secure Shell (SSH) client.

Note 
  • The IOS SSH server must have at least one configured user authentication algorithm.
  • To use the certificate method for user authentication, the publickey keyword must be configured.
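
Added example, not part of the original thread or of Cisco's documentation: a small Python check that reads a saved running-config and reports which user authentication methods the command quoted above lists, so the effect of a change can be reviewed before it is applied. The function name, the result keys and the sample configurations are assumptions made for illustration.

```python
import re

# Keywords the command accepts, as quoted in the reply above.
METHODS = ("publickey", "keyboard", "password")
CMD = re.compile(r"^\s*ip ssh server algorithm authentication\s+(.+)$", re.IGNORECASE)

def audit_ssh_auth(config_text):
    """Report which SSH user-authentication methods a saved config lists.

    Assumptions: config_text is a saved running-config with the command
    spelled out in full; if the line appears more than once, the last wins.
    """
    order, unknown = None, []
    for line in config_text.splitlines():
        match = CMD.match(line)
        if not match:
            continue
        order, unknown = [], []
        for word in match.group(1).lower().split():
            (order if word in METHODS else unknown).append(word)
    if order is None:
        # No explicit line: the platform default applies, which the page
        # does not state, so nothing is claimed about it here.
        return {"configured": False, "order": [], "unknown": [],
                "certificate_capable": None, "non_publickey_methods": None}
    return {
        "configured": True,
        "order": order,
        "unknown": unknown,
        # Per the quoted note, certificates need the publickey keyword.
        "certificate_capable": "publickey" in order,
        # Only listed methods are negotiated with the SSH client.
        "non_publickey_methods": [m for m in order if m != "publickey"],
    }

# Constructed sample configurations (not taken from a real device).
CERT_ONLY = "hostname Switch\nip ssh server algorithm authentication publickey\n"
CERT_PLUS_PASSWORD = "hostname Switch\nip ssh server algorithm authentication publickey password\n"
NOT_SET = "hostname Switch\n"

if __name__ == "__main__":
    for name, cfg in [("cert only", CERT_ONLY),
                      ("cert + password", CERT_PLUS_PASSWORD),
                      ("not set", NOT_SET)]:
        print(name, audit_ssh_auth(cfg))
```

An empty `non_publickey_methods` list means the config lists only publickey for SSH user authentication; the check says nothing about console or other non-SSH access.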