Network_Automation
Adding Ssh Key to Cat8k

To add your computer's SSH key to a Catalyst 8000 (Cat8k) router, you can follow these steps. This process involves generating an SSH key pair on your computer (if you haven't already) and then configuring the router to accept that key for authentication.

Step 1: Generate an SSH Key Pair (if not done already)

If you don't have an SSH key pair yet, you can generate one using the following command on your computer (assuming you’re using a Unix-like operating system, such as Linux or macOS):

ssh-keygen -t ed25519 -b 2048

Follow the prompts to save the key (the default location is usually ~/.ssh/id_rsa), and you can choose to set a passphrase for added security.

Step 2: Copy the Public Key

Once you have generated the SSH key pair, you need to copy the contents of the public key to add it to the Cat8k router. The public key is usually found in ~/.ssh/id_rsa.pub. You can view it with the following command:

cat ~/.ssh/id_rsa.pub

Step 3: Access the Cat8k Router

  1. Use your existing method (console, Telnet, or SSH) to log into the Cat8k router.

Step 4: Enter Configuration Mode

Once logged in, enter the global configuration mode:

enable
configure terminal

Step 5: Configure SSH Key Authentication

Now, you can add your SSH public key to the router. You will use the ip ssh pubkey-chain command as follows:

ip ssh pubkey-chain
  username your_username
    key-string

Replace your_username with the actual username you want to use for SSH access. Paste the public key you copied earlier. After pasting, end the key entry with a blank line or exit command.

Example:

Here’s how the process looks in the configuration mode:

Cat8k(config)# ip ssh pubkey-chain
Cat8k(config-ssh-pubkey)# username your_username
Cat8k(config-ssh-pubkey-user)# key-string
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAA... your_email@example.com
Cat8k(config-ssh-pubkey-user)# exit
Cat8k(config-ssh-pubkey)# exit
Cat8k(config)# exit

Step 6: Save the Configuration

After adding your SSH key, make sure to save the configuration:

write memory

Step 7: Test SSH Access

Now, try to SSH into the Cat8k router from your computer:

ssh your_username@router_ip

If everything is set up correctly, you should be able to log in without being prompted for a password (unless you set a passphrase when generating the key).

Additional Tips

  • Ensure that the router's SSH service is enabled. You can check this with the following command:
show ip ssh
  • If you're using a Windows machine, you can generate SSH keys using tools like PuTTYgen.
Network Connectivity IssuesCisco Ssh Ubuntu