Run Script on MDS 9000 Series Switches without an SSH User Password

Available Languages

Updated:September 19, 2013
Document ID:116509

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document describes how to run script on Cisco Multilayer Data Switch (MDS) 9000 Series switches without the Secure Shell (SSH) user password.

Run Script without an SSH User Password

Complete these steps in order to run script on Cisco MDS 9000 Series switches without the SSH user password:

  1. In order to enable SSH, enter the feature ssh command from the config terminal.
  2. Generate the Digital Signature Algorithm (DSA) or Rivest-Shamir-Addleman (RSA) key with the ssh key rsa 1024 command.
  3. Navigate to your user directory where you run the script.

    • Navigate to ~/.ssh, and your public keys for both DSA and RSA are displayed. For example, id_dsa.pub or id_rsa.pub. "cat", which is the respective public key.
    • If you do not have all of the public/private keys already available, then generate the keys with the ssh-keygen -t rsa or ssh-keygen -t dsa command.

    Note: This document assumes that the username is testuser from this point onward.

  4. In order to configure the same username on the switch as the one you use in order to run your script, enter this command:

    Note: If you do not plan to modify any switch configuration, then use the network-operator role; if you do plan to modify the switch configuration, use the network-admin role.


    switch(config)# username testuser password test12345 role network-admin
  5. Enter this command in order to configure the sshkey:

    switch(config)# username testuser sshkey <key from Step 3>
  6. Enter ssh testuser@switch_ip from the host where you run your script. When SSH requests that you add the host fingerprint to your list of known hosts, answer Yes.

    Connection to the switch now occurs without the SSH user password. For future connections, you are able to connect to the switch with SSH without prompts for additional information.

TAC Authored

Contributed by Cisco Engineers

  • Zaw Oo
    Cisco TAC Engineer.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco