Configuring X.509v3 Certificate-Based SSH Authentication
Step 4
Specify the SSH public key in Open SSH format.
switch(config)# username User1 sshkey ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAri3mQy4W1AV9Y2t2hrEWgbUEYz
CfTPO5B8LRkedn56BEy2N9ZcdpqE6aqJLZwfZcTFEzaAAZp9AS86dgBAjsKGs7UxnhGySr8ZELv+DQBsDQH6rZt0KR+2Da8hJD4Z
XIeccWk0gS1DQUNZ300xstQsYZUtqnx1bvm5Ninn0McNinn0Mc=
Step 5
Save the configuration.
switch(config)# copy running-config startup-config
Configuring X.509v3 Certificate-Based SSH Authentication
You can configure SSH authentication using X.509v3 certificates.
Before You Begin
Enable the SSH server on the remote device.
Procedure
Step 1
Step 2
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
68
Command or Action
configure terminal
Example:
switch# configure terminal
switch(config)#
username user-id [password [0 | 5]
password]
Example:
switch(config)# username jsmith
password 4Ty18Rnt
Purpose
Enters global configuration mode.
Configures a user account. The user-id argument is a
case-sensitive, alphanumeric character string with a
maximum length of 28 characters. Valid characters are
uppercase letters A through Z, lowercase letters a through
z, numbers 0 through 9, hyphen (-), period (.), underscore
(_), plus sign (+), and equal sign (=). The at symbol (@)
is supported in remote usernames but not in local
usernames.
Usernames must begin with an underscore (_), which is
supported starting with Cisco NX-OS Release 7.0(3)I2(2),
or an alphanumeric character.
The default password is undefined. The 0 option indicates
that the password is clear text, and the 5 option indicates
that the password is encrypted. The default is 0 (clear
text).
If you do not specify a password, the user might
Note
not be able to log in to the Cisco NX-OS device.
If you create a user account with the encrypted
Note
password option, the corresponding SNMP user
will not be created.
Configuring SSH and Telnet