04-17-2012 11:32 AM
I would like to know if it's possible to use TACACS+ for all SSH user connections to a Nexus 5548UP except one connection from a local server with no password but with an RSA cert? If yes, do you have a procedure or a document that explains that?
04-21-2012 06:38 AM
Yes, you can. I normally have it set up this way in our lab. I log in via key-based authentication while the rest of our team uses TACACS.
1) Copy the key to the switch bootflash
2) And here is my config for my key-based authentication.
24.10.5020A.1# sh run | inc prkrishn
username prkrishn password 5 ! role network-admin
username prkrishn sshkey ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDDk3UqsrGcFZXSNrugBAJaTz6TfVYJbE0+TCJTFf1Z5vScU0lmEPGHCl8tu9+Inb0T+8aZCZerqK2aQs94Dti/BjSA1XxLNj9KLKW
VuBe/01eVKTvXNv2nb1fvAAiHfOsPmL8whP/ZksmyMD2Vxee5nFv0iJhG4bYclKBXNSHRXQ== prkrishn@dhcp-64-102-157-203.cisco.com
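An added example, not part of the original posts and not Cisco tooling: a Python check that scans saved running-config text for `username ... sshkey` lines like the one above and reports each RSA key's modulus size, so locally authenticated key-based accounts can be reviewed alongside the TACACS+ ones. The user names, the constructed (non-functional) sample keys and the 2048-bit threshold are assumptions.

```python
import base64
import re

# Matches running-config lines of the form shown in the post:
#   username <name> sshkey <type> <base64-blob> [comment]
SSHKEY_LINE = re.compile(r"^username\s+(\S+)\s+sshkey\s+(\S+)\s+(\S+)", re.M)
MIN_RSA_BITS = 2048  # assumed policy threshold, adjust to your own standard

def _read_fields(blob):
    """Split an SSH public-key blob into its length-prefixed fields (RFC 4253)."""
    fields, off = [], 0
    while off < len(blob):
        n = int.from_bytes(blob[off:off + 4], "big")
        off += 4
        if off + n > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[off:off + n])
        off += n
    return fields

def audit_sshkeys(config, min_rsa_bits=MIN_RSA_BITS):
    """Return (user, key_type, bits, verdict) for each sshkey line in config."""
    results = []
    for user, ktype, b64 in SSHKEY_LINE.findall(config):
        try:
            fields = _read_fields(base64.b64decode(b64, validate=True))
            if not fields or fields[0].decode("ascii") != ktype:
                raise ValueError("key type does not match blob")
        except ValueError:  # also covers bad base64 and non-ASCII type names
            results.append((user, ktype, None, "malformed"))
            continue
        if ktype != "ssh-rsa" or len(fields) != 3:
            results.append((user, ktype, None, "not-checked"))
            continue
        bits = int.from_bytes(fields[2], "big").bit_length()  # fields: type, e, n
        results.append((user, ktype, bits, "ok" if bits >= min_rsa_bits else "weak"))
    return results

def make_rsa_line(user, bits):
    """Build a constructed, non-functional sshkey config line for the demo."""
    n = (1 << (bits - 1)) | 1  # dummy modulus with the top bit set
    mpint = lambda v: v.to_bytes(v.bit_length() // 8 + 1, "big")  # leading 0x00
    parts = [b"ssh-rsa", mpint(65537), mpint(n)]
    blob = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return f"username {user} sshkey ssh-rsa {base64.b64encode(blob).decode()} {user}@example"

# Constructed sample input: two dummy keys and one deliberately broken blob.
SAMPLE = "\n".join([make_rsa_line("labuser1", 1024), make_rsa_line("labuser2", 2048),
                    "username labuser3 sshkey ssh-rsa AAAA!broken"])
```

A key blob that has been wrapped across two lines in a pasted terminal capture will be reported as malformed, so feed the check a config file copied off the device rather than screen output.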
04-23-2012 05:58 AM
Thanks, yes, I found the solution last Friday and it's exactly what you mention above. It's working now.