Solved: Automate Addition of RSA Keys to Cisco IOS

ksbolton1 · ‎07-20-2022

Hello everyone.

I've been looking into using Ansible with a collection of Cisco devices and so far, I've confirmed that I can connect to some devices using RSA key pairs - I followed this guide (SSH Public Key Authentication on Cisco IOS (networklessons.com))

Now I'd like to be able to automatically push (or have the devices pull) a public key and store it so I can try to set this up at scale. The steps to manually add the key-string is not very feasible for more than a couple times around. I'm hoping someone might be able to point me in the right direction on this. Any guidance would be greatly appreciated.

ksbolton1 · ‎07-20-2022

Answered my own question -

I could use the established password method to push RSA keys with Ansible as shown below, taken from link here: cisco.ios.ios_user module – Module to manage the aggregates of local users. — Ansible Documentation

- name: create a new user
  cisco.ios.ios_user:
    name: ansible
    nopassword: true
    sshkey: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    state: present

View solution in original post

ksbolton1 · ‎07-20-2022

Answered my own question -

I could use the established password method to push RSA keys with Ansible as shown below, taken from link here: cisco.ios.ios_user module – Module to manage the aggregates of local users. — Ansible Documentation

- name: create a new user
  cisco.ios.ios_user:
    name: ansible
    nopassword: true
    sshkey: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    state: present