Monday, November 8, 2021

ISR/ASA SSH Smart Cards?

Right now we are using radius PAP with to a MS NPS server, but now with smart cards we want to disable legacy auth. Has anyone managed to implement ssh with smart cards on either ISRs or ASAs? How?

We have the PKI infrastructure in place, we have Yubikey based smart cards issued and working. We even have putty-cac working with Linux, but for the life of me I can’t figure out how to get the Cisco hardware configured. Is it just too much a PITA? Should we just use ssh keys and local accounts? I’d hate to have to configure this on all the equipment.



No comments:

Post a Comment