Document ID: 116509
Updated: Sep 19, 2013
Contributed by Zaw Oo, Cisco TAC Engineer.
This document describes how to run a script on Cisco Multilayer Data Switch (MDS) 9000 Series switches without the Secure Shell (SSH) user password.
Run Script without an SSH User Password
Complete these steps in order to run a script on Cisco MDS 9000 Series switches without the SSH user password:
- In order to enable SSH, enter the feature ssh command from the config terminal.
- Generate the Digital Signature Algorithm (DSA) or Rivest-Shamir-Adleman (RSA) key with the ssh key rsa 1024 command.
- Navigate to your user directory where you run the script.
- Navigate to ~/.ssh, where your public keys for both DSA and RSA are displayed, for example id_dsa.pub or id_rsa.pub. Use cat to display the respective public key.
- If you do not have all of the public/private keys already available, then generate the keys with the ssh-keygen -t rsa or ssh-keygen -t dsa command.
- In order to configure the same username on the switch as the one you use in order to run your script, enter this command:
switch(config)# username testuser password test12345 role network-admin
- Enter this command in order to configure the sshkey:
switch(config)# username testuser sshkey <key from Step 3>
- Enter ssh testuser@switch_ip from the host where you run your script. When SSH requests that you add the host fingerprint to your list of known hosts, answer Yes.
Connection to the switch now occurs without the SSH user password. For future connections, you are able to connect to the switch with SSH without prompts for additional information.
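The host-side part of the procedure above, as an added example that is not Cisco's code: it checks the public key file before the key is pasted into the username ... sshkey command, and runs a command from a script so that it fails rather than waits if key login or the stored host key is not in place. The function names mds_sshkey_line and mds_run are hypothetical, and it is assumed that the switch takes the key as "type base64-data" without the trailing comment and accepts a command on the ssh command line.

```shell
#!/bin/sh
# Added example: host-side helpers for the key-based login procedure.

# Print the switch config line for an OpenSSH public key file.
# Rejects anything that is not a one-line ssh-rsa/ssh-dss public key, so a
# private key or a truncated paste never ends up in the switch config.
mds_sshkey_line() {
    user=$1 pubfile=$2
    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }
    [ "$(grep -c . "$pubfile")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    read -r ktype blob _comment < "$pubfile" || :
    case "$ktype" in
        ssh-rsa) prefix=AAAAB3NzaC1yc2E ;;   # base64 of the "ssh-rsa" type header
        ssh-dss) prefix=AAAAB3NzaC1kc3M ;;   # base64 of the "ssh-dss" type header
        *) echo "unsupported key type: $ktype" >&2; return 1 ;;
    esac
    case "$blob" in
        "$prefix"*) ;;
        *) echo "key data does not match type $ktype" >&2; return 1 ;;
    esac
    # Assumption: the comment field (user@host) is not needed on the switch.
    printf 'username %s sshkey %s %s\n' "$user" "$ktype" "$blob"
}

# Run one CLI command on the switch from a script. BatchMode makes ssh exit
# with an error instead of waiting at a password prompt when key login is not
# working; StrictHostKeyChecking=yes refuses a switch whose host key is not
# the one recorded in known_hosts during the first login.
mds_run() {
    host=$1; shift
    ssh -o BatchMode=yes -o StrictHostKeyChecking=yes "$host" "$@"
}

# Constructed sample (not a real key): prints the line to enter on the switch.
sample=$(mktemp)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedSAMPLE testuser@host' > "$sample"
mds_sshkey_line testuser "$sample"
rm -f "$sample"
```

In a script, mds_run testuser@switch_ip "show version" then returns a non-zero exit status whenever the switch would have asked for a password or presented an unexpected host key.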
Refer to Cisco Technical Tips Conventions for information on conventions used in this document.