How to setup ssh keypair authentication in Cisco ASA

I created a short video on how to configure Cisco ASA to allow a CLI user to authenticate with RSA keypair when connecting with SSH instead of username/password. See video below.

In short, this is how to do it:


username johndoe nopassword
username johndoe attributes
ssh authentication publickey XXXXXXXX

(Replace XXXXXX with the users public key)

When connecting with “ssh johndoe@firewallip” the user will be granted CLI access without a password prompt.

 

Tagged with: , , ,
Posted in Cisco Security, Security
4 comments on “How to setup ssh keypair authentication in Cisco ASA
  1. Martin Levin says:

    Excellent guide as always Jimmy! Belive me, this is hard to find a guide for.

  2. William Murray says:

    How did you greate the pub key on the mac?

    • Hello Williams!

      To be clear I am not sure. I am pretty sure that it is created automatically when you use the ssh client for the first time, if not already during the users first login into osx.

      RSA keypairs can also be created manually with openssl.

      The reason that I am not sure is that I have moved my keys from computer to computer for many years when I have restored backup after changing hardware. I use to backup the /users/Jimmy/.ssh directory every now and then to make sure not to lose my keypair.

      /Jimmy

  3. Vishal says:

    Very nice Jimmy

Leave a Reply to Jimmy Larsson Cancel reply

Your email address will not be published. Required fields are marked *

*

Signuppp

[mc4wp_form id="2457"]
Website Security Test