I got an opportunity to upgrade my Cisco 2960G switch to something supporting SSH keys (12.2(58)SE2). I wanted to know how the process compares with my Juniper EX switches.
I’m assuming that you already have a user, and that SSH is enabled, and I’m not discussing SSH versions, or security implications. Only the process each vendor makes me jump through.
The Cisco process looks like this:
```
ip ssh pubkey-chain
 username foo
  key-string
   (copy and paste the pubkey (some devices don't support
   more than 254 characters, so you'll have to divvy up the key
   into chunks and paste each chunk on its own line))
  exit
exit
```
The Juniper process looks like this:
```
set system login user foo authentication ssh-rsa "public-key"
```
If I look at my SSH public key (4k), it shows up as the equivalent of 10 lines. On the Cisco, I’m typing/pasting 15 lines. On the Juniper, I’m typing/pasting 1 (albeit long) line.
It took a bit of googling to find the information about IOS not supporting more than 254 characters on a line. It fails to tell you anything itself, but rather beeps (obvious, right?) and the key of course isn’t valid, so it ignores it.
Why must the IOS interface be so awkward?
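The chunking step in the Cisco process can be scripted. The following is an added example, not part of the original post: a POSIX shell function (`ios_pubkey_block`, a name made up here) that wraps an ssh-rsa public key at the 254-character limit and prints the whole paste block. It assumes IOS joins the pasted lines back into one key, as the post describes.

```shell
#!/bin/sh
# Added example, not from the original post: build the IOS paste block
# for one OpenSSH RSA public key, wrapped to the per-line limit.
MAX_LINE=254   # limit reported in the post; assumed to apply to your device

# Usage: ios_pubkey_block USER KEYFILE [WIDTH]
ios_pubkey_block() {
    user=$1; keyfile=$2; width=${3:-$MAX_LINE}

    # Per the post, an over-long line only gets a beep and the key is
    # ignored, so refuse any width above the limit up front.
    case $width in ''|*[!0-9]*) width=0 ;; esac
    if [ "$width" -lt 1 ] || [ "$width" -gt "$MAX_LINE" ]; then
        echo "width must be between 1 and $MAX_LINE" >&2; return 1
    fi
    # The username ends up in a config line: allow a conservative set only.
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "bad username" >&2; return 1 ;;
    esac

    # First line of the file: key type, base64 blob, optional comment.
    ktype=; blob=
    read -r ktype blob _comment < "$keyfile" || :
    blob=$(printf '%s' "$blob" | tr -d '\r')   # tolerate CRLF key files
    [ "$ktype" = ssh-rsa ] || { echo "expected an ssh-rsa key" >&2; return 1; }
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key data" >&2; return 1 ;;
    esac

    printf 'ip ssh pubkey-chain\n username %s\n  key-string\n' "$user"
    # The trailing comment is not key material, so it is left out.
    printf '%s %s\n' "$ktype" "$blob" | fold -b -w "$width"
    printf '  exit\n exit\n'
}

# Run as a script: sh ios_pubkey.sh foo ~/.ssh/id_rsa.pub
if [ "$#" -ge 2 ]; then ios_pubkey_block "$@"; fi
```

After pasting the output, confirm the key was stored before relying on it, since the post notes that IOS gives no error message when it rejects a key.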