certutil sshkey

Enters an SSH public key for a specific user by using the command line interface (CLI).

Syntax

certutil sshkey user user-acct pubkey public-key
no certutil sshkey user user-acct

Parameters

user user-acct
Specifies a user name. The user must be a pre-existing user on the device. By default there are two users: “admin” and “user”.
pubkey public-key
Specifies a public key.

Modes

Privileged EXEC mode

Usage Guidelines

After an SSH public key is configured, the SSH server restarts on all VRF instances and all existing SSH connections are disconnected.

The user for whom a public key is to be configured by using the certutil sshkey command must already be configured on the device. By default, two users (admin and user) are configured on the device. Additional users are configured by using the username command in global configuration mode.

The public key must be entered within double quotes (" ").

To generate a public key, run the ssh-keygen -t rsa command on any server from which you want to start an SSH session to the device. Once you run this command, and have not entered any other path while generating the key, the public key is generated at /root/.ssh/id_rsa.pub by default. Open this file and copy all its contents after the pubkey option in the CLI.

The no form of the command removes the public key configuration for the specified user.

Examples

The following example shows how to enter an SSH public key directly into the CLI under the username admin.

device# certutil sshkey user admin pubkey “ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnim+Ofjx/id3z2jDxXu9DcMuQqVq/NKi2Lms+q7dA5Dqww8jlrOGawG8tMySOvnB1ZEvJt1kqNneRi4l6Ot4/7hfd99rIOPGBP/NJs6xTLUrQhDgxB78ddTg+6euBtkYLTAaTC7kbXGXcO8VVB9+4xrH+0bkvjU9RRvGJguUfdiFKEfIGVOyt0atdHi1dmgQ9BE0cO65nc/i9MjMJedBe174/QT4TxeGeEgaQ57c2AL5It2V4CzrZBDtnixdnHUO5w2vmBR61LZIDVT1fuX/xYxDAm9H8SDpDX8pZlfFpQBy/wrkIYPZ/p4OLrUApB/XAJGujrlNlZLEu9U9MPVM/ root@ldap.hc-fusion.in”