Re: SSH: ip ssh pubkey-chain not found

enpingado · ‎05-15-2012

I have a 3560 switch running: version 12.2(55)SE3 image: c3560e-universalk9-mz.122-55.SE3.

I can ssh into the switch from a remote pc just fine using usernames and passwords.

I want to use keys so that the ssh does not prompt me for login info.

under my switch when I a in config t mode, I do not see the commands for: ip ssh pubkey-chain

I only have the following options under ip ssh

All the documation i see has procedures for entering ip ssh pubkey-chain ...... but I don't get that option.

I thought the K9 image supported this? What have I not turned on for the options to appear?

As I said, I can ssh into the box fine, but when I follow a procedure for enabling ssh keys I don't get the commands they say should be available.

Thanks

enpingado · ‎05-16-2012

Some documentation says to perform the following to setup ssh for rsa keys:

Perform this task to configure the Cisco IOS SSH client to perform RSA-based server authentication.

1. enable

2. configure terminal

3. hostname name

4. ip domain-name name

5. crypto key generate rsa

6. ip ssh pubkey-chain

7. server server-name

8. key-string

9. exit

10. key-hash key-type key-name

11. end

12. configure terminal

13. ip ssh stricthostkeycheck

Step 6 is where i cannot complete the command because it does not exists. I do have a k9 image so its not that issue.

It turns out the i can get the same mode by entering:

(config)#crypto key pubkey-chain rsa

not sure if this is a documentation error or a difference between iso versions 15 and 12.

esobocinski · ‎10-08-2014

It's a difference between IOS versions. Support for login with SSH RSA keys begins in IOS 15.

Bernard_ · ‎04-09-2019

Hi,

I am having the same issue. The IOS software installed is a C1841-advipservicesk9-mz, Version 12.4(11)T4.

Does anyone know why and how to solve the issue?

Thank you for your help,

Bernard_