Brother, you are a life saver. I did everything except add the PubkeyAccepted bit to the ssh config file. Thank you!
Good to know the video was helpful.
I think that's the first time I had to do that, but SHA1 was used for a long time.
This might be a dumb question, but I finally got it working after fighting with OpenSSH a bit on the Linux side. However, I still need to go in and hit enable and put in a password to elevate. I am hoping to use Ansible to back up configs, but I am trying to do it all through SSH Key Exchange and no passwords involved.
The username command has a privilege parameter that allows you to assign that account a privilege level higher than the default value of 1.
If you set up AAA to do authentication and authorization locally, you can assign a user a privilege level of 15, for instance, and they will have full enable privilege as part of their initial login.
If security is a concern, you can assign a lower privilege level to the user account, but then you have to wrestle with assigning privilege levels to all the different commands that allow the entire config to be read.
Note that IOS 12 versions will not have this feature.
Thanks for sharing that, good to know
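The local AAA setup described in the privilege-level reply above, as an added Cisco IOS configuration example that is not from the video or from the commenters. The account name `ansible` and the key fingerprint are placeholders, and the `ip ssh pubkey-chain` block assumes an IOS release that supports SSH public-key authentication.

```cisco
! Added example, not the video's configuration.
! Local authentication and exec authorization, so the privilege level
! set on the username is applied at login and no enable password is needed.
aaa new-model
aaa authentication login default local
aaa authorization exec default local
!
! "ansible" is a hypothetical account name. No password is set here
! because the account is meant to log in with its SSH key only.
username ansible privilege 15
!
! Bind the public key to the account. Replace the placeholder with the
! fingerprint of the key the Ansible control host actually uses.
ip ssh pubkey-chain
 username ansible
  key-hash ssh-rsa <PLACEHOLDER_KEY_FINGERPRINT>
!
line vty 0 4
 transport input ssh
!
! Lower-privilege alternative mentioned in the reply (shown commented out):
! give the account level 5 and move the needed commands to that level.
! Each command required to read the whole config has to be moved this way.
! username ansible privilege 5
! privilege exec level 5 show running-config
```

After applying it, log in with the key and run `show privilege` to confirm the session starts at the expected level.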
How to enable SSH key for an Active Directory user account using TACACS authentication using Microsoft NPS? This video is more focused on local user accounts.
I haven't used AD or ACS for some time, and back then I don't think SSH keys were an option.
Things may have changed, but I would expect this would be handled within the platform itself, as that's where the authentication is being done.
Once companies stopped using ACS and switched to using RADIUS with NPS, for instance, that would hand off to AD, which in turn would use a 2FA agent.
So it would need something similar, I guess, for SSH keys.
Most companies I've worked with, though, have small network teams who do their own authentication, and that's when SSH keys can be useful.
@TechTutorialsDavidMcKone Thanks for the reply.
Great content! Do you mind posting this on audea? I like to listen more; that's where I get most of my audio content.
I haven't heard of it, but I'll see what I can do.