02-15-2013 11:35 AM - edited 02-21-2020 10:28 AM
I am just wondering if anyone was able to successfully implement smart card authentication for vty and console sessions. If anyone did, can you please point me to the documentation and the implementation guide? Thanks
02-20-2013 05:54 PM
Not directly from IOS, but via RADIUS or TACACS to a AAA server (e.g. Cisco ACS) you can in turn use a two factor-based external authentication store. See this guide for instance.
11-21-2013 05:19 PM
Actually, with the RSA key pair setup in IOS 15+, you can use a smart card to authenticate to Cisco switches. I'm still working out all the details, but you would need SecureCRT or PuTTY-CAC. SecureCRT allows you to export the public key from a PKI cert and then import that into the switch/router. The disadvantage is you can only use the first cert in the list. PuTTY-CAC allows you to select which PKI cert you want to use, but I haven't verified you can export the public key from a cert. If you contact me, I'll email you the info needed to use SecureCRT.
11-19-2016 01:07 PM
There is an SSH client called Pragma Fortress that supports smart card authentication, and it works very well with Cisco switches and routers. It's pretty straightforward to configure. You can even use the local Cisco device for authorization for smart card if your company doesn't want to invest money in ACS and RADIUS. The Cisco device must support IOS version 15.4 and above.
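The public-key import mentioned in the 11-21-2013 reply and the local-device option in the 11-19-2016 reply, sketched as an added example that is not from any poster in this thread: it checks an exported OpenSSH `ssh-rsa` line and renders an IOS `ip ssh pubkey-chain` stanza for it. The username, the 72-character wrap, the 2048-bit minimum and the sample key are assumptions or constructed values.

```python
import base64, hashlib, re, struct

def _mpint(n):
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")  # leading zero keeps it positive
    return struct.pack(">I", len(raw)) + raw

def sample_key_line(bits=2048):
    """Constructed stand-in for a key exported from a card certificate (not a real key)."""
    n = (1 << (bits - 1)) | 1
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"

def parse_openssh_rsa(pub_line):
    """Return (blob, modulus_bits); reject anything that is not a well-formed RSA key."""
    fields = pub_line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("expected an ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    parts, off = [], 0
    while off < len(blob):                      # RFC 4253 length-prefixed fields
        if off + 4 > len(blob):
            raise ValueError("truncated length field")
        (length,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + length > len(blob):
            raise ValueError("truncated key blob")
        parts.append(blob[off:off + length])
        off += length
    if len(parts) != 3 or parts[0] != b"ssh-rsa":
        raise ValueError("blob is not an RSA public key")
    return blob, int.from_bytes(parts[2], "big").bit_length()

def ios_pubkey_config(username, pub_line, width=72, min_bits=2048):
    """Render the pubkey-chain stanza; min_bits is an assumed local policy."""
    if not re.fullmatch(r"[A-Za-z0-9._-]+", username):
        raise ValueError("username would break out of the config line")
    blob, bits = parse_openssh_rsa(pub_line)
    if bits < min_bits:
        raise ValueError(f"{bits}-bit RSA key is below the {min_bits}-bit minimum")
    b64 = base64.b64encode(blob).decode()
    lines = ["ip ssh pubkey-chain", f" username {username}", "  key-string"]
    lines += ["   " + b64[i:i + width] for i in range(0, len(b64), width)]
    return "\n".join(lines + ["  exit", " exit", "exit"])

def md5_fingerprint(pub_line):
    """MD5 of the key blob, for comparing the imported key with the client's copy."""
    blob, _ = parse_openssh_rsa(pub_line)
    return hashlib.md5(blob, usedforsecurity=False).hexdigest().upper()

if __name__ == "__main__":
    print(ios_pubkey_config("alice", sample_key_line()))   # "alice" is hypothetical
```
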