I got an opportunity to upgrade my Cisco 2960G switch to something supporting SSH keys (12.2(58)SE2). I wanted to know how the process compares with my Juniper EX switches.
I’m assuming that you already have a user, and that SSH is enabled, and I’m not discussing SSH versions, or security implications. Only the process each vendor makes me jump through.
The Cisco process looks like this:
    ip ssh pubkey-chain
    username foo
    key-string
    (copy and paste the pubkey (some devices don't support more than 254 characters, so you'll have to divvy up the key into chunks and paste each chunk on its own line))
    exit
    exit
The Juniper process looks like this:
    set system login user foo authentication ssh-rsa "public-key"
If I look at my ssh public key (4k), it shows up as the equivalent of 10 lines. On the Cisco, I’m typing/pasting 15 lines. On the Juniper, I’m typing/pasting 1 (albeit long) line.
It took a bit of googling to find the information about IOS not supporting more than 254 characters on a line. It fails to tell you anything itself, but rather beeps (obvious, right?) and the key of course isn’t valid, so it ignores it.
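Since IOS silently drops an over-long line, one way to avoid the problem is to generate the paste from the key file instead of splitting it by hand. The script below is an added example, not part of the original post or any vendor tooling: it checks that the public key is intact and emits the Cisco command sequence shown above with the key folded well under 254 characters per line. The function names, the 72-character default width, the choice to drop the key's comment field, and the sample key are assumptions made for this example.

```python
import base64
import struct

IOS_MAX_LINE = 254  # per-line paste limit described in the post

def parse_pubkey(line):
    """Split an OpenSSH public key line and sanity-check its base64 blob."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)  # raises ValueError if damaged
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type does not match the encoded blob")
    return key_type, b64

def ios_pubkey_config(username, pubkey_line, width=72):
    """Build the IOS command sequence with the key folded into short lines."""
    if not 32 <= width <= IOS_MAX_LINE:
        raise ValueError("width must be between 32 and 254")
    key_type, b64 = parse_pubkey(pubkey_line)
    text = f"{key_type} {b64}"  # comment field dropped (choice made here)
    chunks = [text[i:i + width] for i in range(0, len(text), width)]
    return ["ip ssh pubkey-chain", f"username {username}", "key-string",
            *chunks, "exit", "exit"]

# Constructed sample: a well-formed blob header plus filler bytes, not a real key.
_blob = struct.pack(">I", 7) + b"ssh-rsa" + bytes(range(256)) * 2
SAMPLE_PUBKEY = "ssh-rsa " + base64.b64encode(_blob).decode() + " foo@example"

if __name__ == "__main__":
    print("\n".join(ios_pubkey_config("foo", SAMPLE_PUBKEY)))
```

A key that was truncated or mangled in a copy and paste fails the base64 or type check here, before it ever reaches the switch.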
Why must the IOS interface be so awkward?