Smart card authentication for IOS device

pmlam3274
Level 1

I am just wondering if anyone was able to successfully implement smart card authentication for vty and console sessions. If anyone did, can you please point me to the documentation and the implementation guide? Thanks

3 Replies

Marvin Rhoads
Hall of Fame

Not directly from IOS, but via RADIUS or TACACS to a AAA server (e.g. Cisco ACS) you can in turn use a two factor-based external authentication store. See this guide for instance.

thedisbo
Level 1

Actually, with the RSA key pair setup in IOS 15+, you can use a smart card to authenticate to Cisco switches. I'm still working out all the details, but you would need SecureCRT or PuTTY-CAC. SecureCRT allows you to export the public key from a PKI cert and then import that into the switch/router. The disadvantage is you can only use the first cert in the list. PuTTY-CAC allows you to select which PKI cert you want to use, but I haven't verified you can export the public key from a cert. If you contact me, I'll email you the info needed to use SecureCRT.

cofee
Level 5

There is an SSH client called Pragma Fortress that supports smart card authentication, and it works very well with Cisco switches and routers. It's pretty straightforward to configure. You can even use the local Cisco device for authorization for smart card if your company doesn't want to invest money in ACS and RADIUS. The Cisco device must support IOS version 15.4 and above.