Run Script on MDS 9000 Series Switches without an SSH User Password

Document ID: 116509

Updated: Sep 19, 2013

Contributed by Zaw Oo, Cisco TAC Engineer.



This document describes how to run script on Cisco Multilayer Data Switch (MDS) 9000 Series switches without the Secure Shell (SSH) user password.

Run Script without an SSH User Password

Complete these steps in order to run script on Cisco MDS 9000 Series switches without the SSH user password:

  1. In order to enable SSH, enter the feature ssh command from the config terminal.
  2. Generate the Digital Signature Algorithm (DSA) or Rivest-Shamir-Addleman (RSA) key with the ssh key rsa 1024 command.
  3. Navigate to your user directory where you run the script.

    • Navigate to ~/.ssh, and your public keys for both DSA and RSA are displayed. For example, or "cat", which is the respective public key.
    • If you do not have all of the public/private keys already available, then generate the keys with the ssh-keygen -t rsa or ssh-keygen -t dsa command.

    Note: This document assumes that the username is testuser from this point onward.

  4. In order to configure the same username on the switch as the one you use in order to run your script, enter this command:

    Note: If you do not plan to modify any switch configuration, then use the network-operator role; if you do plan to modify the switch configuration, use the network-admin role.

    switch(config)# username testuser password test12345 role network-admin
  5. Enter this command in order to configure the sshkey:

    switch(config)# username testuser sshkey <key from Step 3>
  6. Enter ssh testuser@switch_ip from the host where you run your script. When SSH requests that you add the host fingerprint to your list of known hosts, answer Yes.

    Connection to the switch now occurs without the SSH user password. For future connections, you are able to connect to the switch with SSH without prompts for additional information.

Updated: Sep 19, 2013
Document ID: 116509