The feature we’ve begged, prayed, sobbed, yelled, screamed for has finally been implemented in Cisco IOS: public key SSH authentication works in IOS release 15.0M (and is surprisingly easy to use).
After configuring the SSH server on IOS (see also the comments to this post), you have to configure the SSH pubkey-chain, where you can enter either the key string (from your SSH public key file) or the key’s hash (which is displayed by the ssh-keygen command).
It’s probably easier to copy/paste the public key from your id_rsa.pub file into the terminal window …
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ip ssh pubkey-chain
R2(conf-ssh-pubkey-data)#$apEbGE94luIqnBc61HsMd6JCWbQ== [email protected]
… and let the router convert it into the key hash, which is stored in the configuration:
R2#show run | section ssh
ip ssh rsa keypair-name SSH
ip ssh version 2
ip ssh pubkey-chain
key-hash ssh-rsa C20B739F2645D6850C591C6A11780CB5 [email protected]
After this simple step, you can log into your router without typing the password. Finally we have a manageable way of secure remote command execution.
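The 32-hex-digit key-hash stored in the configuration is the MD5 fingerprint of the base64-decoded public key, so it can be recomputed offline to check which key a key-hash entry belongs to. The script below is an added example, not part of the original post; the sample key and the admin@example.test comment are constructed for illustration.

```python
import base64
import hashlib


def _read_field(blob, offset):
    """Read one length-prefixed field (RFC 4251 string/mpint) from the blob."""
    header = blob[offset:offset + 4]
    length = int.from_bytes(header, "big")
    end = offset + 4 + length
    if len(header) < 4 or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def parse_pubkey_line(line):
    """Parse 'ssh-rsa <base64> [comment]' and return (blob, modulus_bits, comment)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("expected an ssh-rsa public key line")
    blob = base64.b64decode(parts[1], validate=True)
    key_type, off = _read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside the blob does not match the prefix")
    _exponent, off = _read_field(blob, off)
    modulus, off = _read_field(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after the RSA modulus")
    bits = int.from_bytes(modulus, "big").bit_length()
    return blob, bits, parts[2] if len(parts) > 2 else ""


def ios_key_hash_line(line):
    """Return the 'key-hash' line in the form shown in the running config."""
    blob, _bits, comment = parse_pubkey_line(line)
    digest = hashlib.md5(blob).hexdigest().upper()  # MD5 fingerprint, no colons
    return f"key-hash ssh-rsa {digest} {comment}".rstrip()


def _mpint(n):
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")  # leading 0x00 keeps it positive
    return len(raw).to_bytes(4, "big") + raw


# Constructed sample: not a real key, the modulus is just an odd 2048-bit number.
_BLOB = (7).to_bytes(4, "big") + b"ssh-rsa" + _mpint(65537) + _mpint((1 << 2047) | 1)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(_BLOB).decode() + " admin@example.test"

if __name__ == "__main__":
    print(ios_key_hash_line(SAMPLE_LINE))
```

Recent OpenSSH releases print SHA256 fingerprints by default, so the matching ssh-keygen invocation is `ssh-keygen -l -E md5 -f id_rsa.pub`, with the colons removed and the digits upper-cased.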