cancel
Showing results for 
Search instead for 
Did you mean: 

ssh keys and radius, how do you guys manage it?

ssh keys and radius, how do you guys manage it?

Chris1
New Contributor
Ok at the moment we use radius for auth and acct to secure our switches, and while this is great and works we sort of want to up the security. On linux this is either being handled by disabling passwords completely and relying on sshkeys....

What i was wondering is how are people handling this on extreme?

I know i can manually add my ssh key to an on-box user i've done it and it does work fine but the issue is then i have to manually add not just the keys for all my admins to every switch on my network but i also have to generate static users on all of those switches as well?

Their doesn't seem to be a way to feed sshkeys from a radius server or some other central distro of keys. And the idea of having local users + radius users on all my boxes starts to make my head explode.

So just wondering how others are handling this? I imagine the actual easiest way is just throwing a bunch of keys under the default "admin" user but still if your looking at a lot of switches even that gets tiresome, especially if you need to eventually drop a key from all the boxes.
1 REPLY 1

Matthew_Hum
Contributor
Not really a solution but you can use the command script tool or even something like a perl/bash script to put all the keys on your switches (or remove one).
GTM-P2G8KFN