I got an opportunity to upgrade my Cisco 2960G switch to something
supporting SSH keys (12.2(58)SE2). I wanted to know how the process
compares with my Juniper EX switches.
I’m assuming that you already have a user, and that SSH is enabled, and I’m
not discussing SSH versions, or security implications. Only the process
each vendor makes me jump through.
The Cisco process looks like this:

    ip ssh pubkey-chain
     username foo
      key-string
       <copy and paste the pubkey>
       exit

(Some devices don't support more than 254 characters on a line, so
you'll have to divvy up the key into chunks and paste each chunk on
its own line.)
The Juniper process looks like this:

    set system login user foo authentication ssh-rsa "public-key"

If I look at my ssh public key (4k), it shows up as the equiv. of 10
lines. On the Cisco, I’m typing/pasting 15 lines. On the Juniper, I’m
typing/pasting 1 (albeit long) line.
It took a bit of googling to find the information about IOS not
supporting more than 254 characters on a line. It fails to tell you
anything itself, but rather beeps (obvious, right?) and the key of
course isn’t valid, so it ignores it.
Why must the IOS interface be so awkward?
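
As an added example (not code from the original post): a small Python helper that checks an ssh-rsa public key line is structurally intact and splits it into chunks of at most 254 characters, wrapped in the IOS commands. Since IOS only beeps and ignores a bad key, checking before pasting catches a truncated copy. The sample key is constructed (not a real key), the function names are hypothetical, and the user foo comes from the Juniper line.

```python
import base64
import struct

IOS_LINE_LIMIT = 254  # per-line limit the post reports for IOS


def _wire(data: bytes) -> bytes:
    """Length-prefixed string, as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data


def _fields(blob: bytes) -> list:
    """Split a key blob into its length-prefixed fields; reject truncation."""
    out, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated key body")
        (n,) = struct.unpack_from(">I", blob, pos)
        if pos + 4 + n > len(blob):
            raise ValueError("truncated key body")
        out.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    return out


def check_pubkey(line: str) -> str:
    """Return the stripped key line, or raise ValueError if it is malformed."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("expected 'ssh-rsa <base64> [comment]'")
    fields = _fields(base64.b64decode(parts[1], validate=True))
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("key body is not an ssh-rsa key (type, e, n)")
    return line.strip()


def ios_pubkey_lines(username: str, line: str, width: int = IOS_LINE_LIMIT) -> list:
    """IOS config lines with the key split into chunks of at most `width`."""
    key = check_pubkey(line)
    chunks = [key[i:i + width] for i in range(0, len(key), width)]
    return ["ip ssh pubkey-chain", f"username {username}", "key-string", *chunks, "exit"]


# Constructed sample: a structurally valid 4096-bit ssh-rsa blob, not a real key.
SAMPLE_BLOB = _wire(b"ssh-rsa") + _wire(b"\x01\x00\x01") + _wire(b"\x00" + b"\xc3" * 512)
SAMPLE_KEY = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " foo@example"

if __name__ == "__main__":
    print("\n".join(ios_pubkey_lines("foo", SAMPLE_KEY)))
```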