X.509v3 Certificates for SSH Authentication
The X.509v3 Certificates for SSH Authentication feature uses the X.509v3 digital certificates in server and user authentication at the secure shell (SSH) server side.
This module describes how to configure server and user certificate profiles for a digital certificate.
Prerequisites for X.509v3 Certificates for SSH Authentication
- The X.509v3 Certificates
for SSH Authentication feature introduces the
ip ssh server algorithm
authentication command to replace the
ip ssh server authenticate
user command. If you use the
ip ssh server authenticate
user command, the following deprecation message is displayed.
Warning: SSH command accepted but this CLI will be deprecated soon. Please move to new CLI “ip ssh server algorithm authentication”. Please configure “default ip ssh server authenticate user” to make CLI ineffective.
-
Use the default ip ssh server authenticate user command to remove the ip ssh server authenticate user command from effect. The IOS secure shell (SSH) server then starts using the ip ssh server algorithm authentication command.
-
Restrictions for X.509v3 Certificates for SSH Authentication
-
The X.509v3 Certificates for SSH Authentication feature implementation is applicable only on the IOS secure shell (SSH) server side.
-
IOS SSH server supports only the x509v3-ssh-rsa algorithm based certificate for server and user authentication on the IOS SSH server side.