[cisco]Public key authentication on Cisco ASA

I am using Cisco ASAv asa992-smp-k8.bin

Generate RSA from Centos
ssh-keygen -t rsa -b 2048 I rename this asymmetric keys as cisco_id_rsa.
Then I get the contents of cisco_id_rsa.pub.
c1

Exclude the ssh-rsa and the username@hostname, only get the key and copy and paste to the cisco asa. See the screenshot on the highlighted portion.
c2

On cisco ASA do this:

conf t
username cyruslab nopassword privilege 15
username cyruslab attributes
ssh authentication publickey AAAAB3NzaC1yc2EAAAADAQABAAABAQDAU/5J7w0HKcJ+0Q7+ZJHGgnbKjklWRSntTlJhLT8u6Sy6dvCIx435iYPj58AcFu1I+42nJgSfNsGpyFb/EEoRiG0qHqJbJDBSU8Ed4nMDNfz3NhbiRTrOHwiVWI+B86K04Oy/EUnRFvkcFDFH78VrPQ3yI9Zx7jwDEvhoqeCIWB+k6xg6zkTCD7iPuxoaR+ziOx8FIu3HL1WkWgxjEcPWy3N+aId3RRtPeLgVjkoXsSnREhcb8gRFc4snh3P9819W1ZP98Noa4UbklCXnGHwdPGgPPIi99MnWy+XNUMd7vQnkmdXk1WvZwkti5ol2Xgss7s6WSnESP8NNWk364dHR
end

Then test from the centos server to cisco asa:
You will still see password prompt, but just press enter as no password is needed for cyruslab which refers to the server’s pub key.
c3

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s