I want to SSH from the router to the router with public key authentication.

Translator · ‎06-13-2022

Cannot SSH from router (insert name_here) to router (RouterA) with public key authentication.

I was able to SSH from my PC to Router A with public key authentication.

I registered my router's public key with pubkey-chain, but I was asked for my password.

We expect the public key of the router to be from the sh ip ssh result.

How can I SSH between my router and my router with public key authentication?

If you know anything, could you tell me?

The sh run and sh ip ssh for each device are as follows.

(Connected to)

RouterA#sh run

version 15.9
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RouterA
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
ip domain name test
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
username abc password 0 abc
!
redundancy
!
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
media-type rj45
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip ssh version 2
ip ssh pubkey-chain
I was able to log in with this username from my username rsa-user ← PC.
key-hash ssh-rsa 5F9A37686D63A9EEAFF7D8082F899903
The username iosv1 ← router asked for a password with this username.
key-hash ssh-rsa 0874A1779A578D4C866A0092B8D366A5
!
ipv6 ioam timestamp
!
control-plane
!

-------------------------------

RouterA#sh ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96
KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): RouterA.test
ssh-rsa AAAAB3NzaC1yc2EAAAAD TQ96TnaIF5znq0Yk2Qhfh
RouterA#

-------------------------------

(Source)

inserthostname_here#sh run
version 15.9
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname inserthostname_here

boot-start-marker
boot-end-marker

no aaa new-model

mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180

ip domain name test
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
redundancy
!
interface GigabitEthernet0/0
ip address 192.168.1.2 255.255.255.0
duplex auto
speed auto
media-type rj45
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip ssh version 2
!
ipv6 ioam timestamp
!
control-plane

line con 0
line aux 0
line vty 0 4
login
transport input ssh
transport output ssh

-------------------------------

inserthostname_here#sh ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96
KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): inserthostname_here.test
ssh-rsa AAAAB3NzaC1yc 379bdIRDvEPb8Ib ← We registered this value in RouterA
inserthostname_here#