By default, engineers connect to network equipment using a username and password. Using Telnet, user credentials are transmitted in clear text, and over SSH, in encrypted. In order not to transmit the secret part over the network, public key authentication is used. With this authentication, the user's public key is pre-assigned to the user on the equipment. The private key is not transmitted over the network.This guide will help you quickly start using public keys for authentication when connecting to network equipment using the SSH protocol. The guide is applicable for both Windows and Mac OS X. I tried to make it as simple and informative as possible. It is not overloaded, but answers the basic questions:I also examined the "sore" topics:- Key conversion between OpenSSH <==> SecureCRT <==> PuTTY.
- Using different pairs of public keys for different equipment. One key is good, but not applicable in reality. Different customers or equipment require different pairs of public keys (some with a password, others without).
- Using the native (native) MAC OS X to work with public keys.
- The guide should also help use Ansible with network equipment, since Ansible uses OpenSSH with public key authentication by default.
90% of the material presented is tested on real equipment.Introduction
In addition to standard password authentication (password / keyboard) in the SSH protocol, there is also public key authentication (RSA).Authentication using RSA keys consists of several steps:Why only RSA? Why not a DSA? Unfortunately, I did not find the answer to this question (and did not really look for it). But officially, only RSA is supported on Cisco equipment.Secure Shell Configuration Guide, Cisco IOS Release 15E:Secure Shell Configuration Guide, Cisco IOS Release 15E
Restrictions for Secure Shell Version 2 Support
Rivest, Shamir, and Adleman (RSA) key generation is an SSH server-side requirement. Devices that act as SSH clients need not generate RSA keys.
Attempting to enter DSA key data:CSR-1(conf-ssh-pubkey-data)#exit
%SSH: Only ssh-rsa type is supported
CSR-1(conf-ssh-pubkey-user)#
Creating a public RSA key
A pair of RSA keys can be created using various utilities: SecureCRT, PuTTYgen or any other software. When creating a key, you can set Passphrase (password protection with a key).RSA pair generation in SecureCRT
SecureCRT -> Tools -> Create Public Key ...:A bit of theory → the “Next>” button:Type of RSA / DSA certificate → Select RSA → “Next>” button:Encryption password for the secret key (optional, you can leave it blank and not encrypt) + Comment → “Next>” button:Choose the key length (in SecureCRT version 6.1.0 the maximum key length is 2048 bits, in version 8.5.4 - 16 384 bits):Keygeneration → “Next>” button: To generate random numbers, you need to move the mouse within the window.Saving a key pair → Selecting a storage location → Selecting a format for a saved key (VanDuke Private format, OpenSSH legacy, OpenSSH new) → “Finish” button:SecureCRT asks whether to make this key the default key for SecureCRT:RSA pair generation in PuTTYgen
You can download PuTTYgen here: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html .Launch PuTTYgen:Select the parameters (pair type: RSA; key bit dimension: 2048; optionally set Passphrase (password protection with a password)) → Generate:To guarantee random numbers, he asks to move the mouse within the window. This is a protection against pseudo random numbers.Save RSA keys → “Save private key” button:Please note: RSA keys stored in a private format in one software cannot be used in software of another manufacturer. That is, a pair of RSA keys created in PuTTYgen and saved in Putty Private Key format is not suitable for use in SecureCRT, and vice versa. PuTTY only supports the Putty Private Key format. A universal solution for distributing keys is to convert keys to OpenSSH format (See link 2: “Conversion from Putty to SecureCRT with auth. Keys”). Since SecureCRT works freely with the OpenSSH format. And PuTTYgen software converts the OpenSSH format into the Putty Private Key format.Converting an RSA key from Putty Private Key (PuTTY) format to OpenSSH (SecureCRT) format
In order to use RSA keys in SecureCRT that are generated in PuTTYgen and saved in Putty Private Key format (* .ppk), we export them using PuTTYgen in OpenSSH format:- Launch PuTTYgen.
- We load the existing RSA key in the Putty Private Key format (* .ppk) → The “Load” button.
- Save the public key file → “Save public key”.
- We export the secret key to the OpenSSH format: menu PuTTYgen → “Conversions” → “Export OpenSSH key”.
- We use OpenSSH files in SecureCRT. The file with the public key has the extension .pub, the file with the private key has no extension.
Converting an RSA key from VanDyke Private Key (SecureCRT) format to Putty Private Key (PuTTY) format
To use RSA keys in PuTTY that are generated in SecureCRT and saved in the VanDyke Private Key format (public key file * .pub, secret key file *. (Without extension)), export them using SecureCRT to OpenSSH format, and then using PuTTYgen we export to Putty Private Key (* .ppk) format:- Launch SecureCRT.
- Menu “Tools” → “Convert Private Key to OpenSSH format ...”
- Select the source file with the VanDyke Private Key keys.
- We save OpenSSH keys with a new name.
- Launch PuTTYgen.
- We load the existing RSA-key in the OpenSSH format (*.): PuTTYgen Menu → “Conversions” → “Import key”.
- Save the file in Putty format: “Save private key”.
Generating public keys on MAC OS X using the operating system
We will use the built-in ssh-keygen utility (man ssh-keygen).We generate an RSA key with a length of 2048 bits with the key name, the path to the folder with the key storage location:ssh-keygen -b 2048 -t rsa -c "Lab router R4" -f /Users/ArtemiySP/Documents/python/r4
At run time, the program will ask for a password to protect the RSA key:artemiy-2:Downloads ArtemiySP$ ssh-keygen -b 2048 -t rsa -C "Lab router R4" -f /Users/ArtemiySP/Documents/python/r4
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/ArtemiySP/Documents/python/r4.
Your public key has been saved in /Users/ArtemiySP/Documents/python/r4.pub.
The key fingerprint is:
SHA256:WdT47SFvgGI7danxX94p8/cO3uyU12SB3ipkc7nHxzA Lab router R4
The key's randomart image is:
+---[RSA 2048]----+
| .o |
| .. . . |
| .o + . |
| oo+ B = .|
| .S+ O OEoo|
| o + + B*+|
| . . =.*O|
| .+o**|
| =+O|
+----[SHA256]-----+
artemiy-2:Downloads ArtemiySP$
We generate an RSA key with a length of 4096 bits in indicating the name of the key, path to the folder with the key storage location, set the password explicitly in the key generation parameters (-N "cisco"):artemiy-2:Downloads ArtemiySP$ ssh-keygen -b 4096 -t rsa -C "Lab router R5" -N "cisco" -f /Users/ArtemiySP/Documents/python/r5
Generating public/private rsa key pair.
Your identification has been saved in /Users/ArtemiySP/Documents/python/r5.
Your public key has been saved in /Users/ArtemiySP/Documents/python/r5.pub.
The key fingerprint is:
SHA256:NraLRMqB4qmA8qNjKdpBBt1JBw8Osf/3GfuB2k1R+zY Lab router R5
The key's randomart image is:
+---[RSA 4096]----+
| o.+.. |
| . * = |
|. o + . . |
| . o . . |
|. + o . S . . |
|o+.. = o o . . . |
|+oo o o o o o Eo|
|*=.. . o = * . ..|
|Boo. . o =.o |
+----[SHA256]-----+
artemiy-2:Downloads ArtemiySP$
Key generation parameters that are not recommended: an unreliable key with a length of 1024 bits, specifying the key name, the path to the folder with the key storage location, we set the password explicitly in the key generation parameters (-N "" - without password):artemiy-2:Downloads ArtemiySP$ ssh-keygen -b 1024 -t rsa -C "Lab router R6" -N "" -f /Users/ArtemiySP/Documents/python/r6
Generating public/private rsa key pair.
Your identification has been saved in /Users/ArtemiySP/Documents/python/r6.
Your public key has been saved in /Users/ArtemiySP/Documents/python/r6.pub.
The key fingerprint is:
SHA256:LEcfgN+58TYMDv4MpBA2FGCWc2aFiY+SxWBf7pRViWs Lab router R6
The key's randomart image is:
+---[RSA 1024]----+
|.++=o*.o+.. |
|.oB % +. o |
| o X * .o... |
|o . = E+.=. |
| . oo+So.* |
| .oo o = |
| + . . |
| o |
| |
+----[SHA256]-----+
artemiy-2:Downloads ArtemiySP$
So, we created three keys in with the names of the keys and the location of the keys (by default, all keys are stored in /Users/[Username 022/.ssh).By default, when connecting via SSH with authentication by public key, all public keys are stored in sequence, which are stored in the /Users/[Username†/.ssh folder.R6 key: rename the key to “id_rsa” (by default the name of the generated key file is “id_rsa”) and transfer it to the folder with SSH keys (~ / .ssh /) (i.e., we will perform all the steps so that the R6 key is used as the main default SSH connection key):Convert the public OpenSSH key to RFC4716 format (export to Cisco IOS):https://serverfault.com/questions/706336/how-to-get-a-pem-file-from-ssh-key-pair
ssh-keygen -f ~/Documents/python/r4.pub -e -m RFC4716
ssh-keygen -f ~/Documents/python/r5.pub -e -m RFC4716
ssh-keygen -f ~/.ssh/id_rsa.pub -e -m RFC4716
Using a public key on equipment
How on various equipment to bind a public key to a user?The process of binding a public key to a user is not standard and varies from equipment to equipment, therefore, examples are given for each type of equipment that is most often used on the network.Cisco IOS XE, Catalyst (from version 15.1 and higher), IOS
- There is already a user on the device.
- In the SSH settings (ip ssh pubkey-chain) for the user (username cisco), specify the public key (key-string):
CSR-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
CSR-1(config)#ip ssh pubkey-chain
CSR-1(conf-ssh-pubkey)#username ssh-putty
CSR-1(conf-ssh-pubkey-user)#key-string
CSR-1(conf-ssh-pubkey-data)#$QAAAQEAnPbynT1+2rjlyqP4viSPdTVDFLSHzWjJnAwy
CSR-1(conf-ssh-pubkey-data)#$NCfaqvMTPruCgG5096q8lO0ntURmNgmfMEQPOgb8weF
CSR-1(conf-ssh-pubkey-data)#$AtMQYk7WFM+5iBnOQ32UAHNavCUA7YFEpAdOQO4W/qB
CSR-1(conf-ssh-pubkey-data)#$SlOLy+PQ47jDUINBnuUeHd8ZXyzXxWglzSvqtwMEXBW
CSR-1(conf-ssh-pubkey-data)#$VoUTBYbJ45DmFa93P50qf494ujaAsTbYyJ/GBzJUTK/
CSR-1(conf-ssh-pubkey-data)#$UADAkNGxQARfOfHZWiIYb3rif6h6hfwwVUZS/Tw==
CSR-1(conf-ssh-pubkey-data)#exit
CSR-1(conf-ssh-pubkey-user)#exit
CSR-1(conf-ssh-pubkey)#exit
CSR-1(config)#exit
CSR-1#exit
CSR-1#show running-config | inc ssh
username ssh-public-key secret 5 $1$ebjc$EYgwMFQXPPiywFVn6rl7t.
username ssh-putty privilege 15 secret 5 $1$vIhh$nM8iCeBKmLyVK4hA6./h4.
ip ssh pubkey-chain
key-hash ssh-rsa D4E9AD62F7F6265EAAB3FB8778477612
username ssh-public-key
key-hash ssh-rsa C331DEE821A84681A4A7B1862C100D16
username ssh-putty
key-hash ssh-rsa F32BEB60290EA75D151447C0D42D2A99
key-hash ssh-rsa 5432C275B363B646E02D3BA7E8D865B7
CSR-1#
Cisco ASA
LAB-ASA5516-X-01/pri/act# conf t
LAB-ASA5516-X-01/pri/act(config)# username artemiy password artemiy privilege $
LAB-ASA5516-X-01/pri/act(config)# username artemiy attributes
LAB-ASA5516-X-01/pri/act(config-username)# ssh authentication publickey ?
username mode commands/options:
WORD Raw SSH-RSA public key
LAB-ASA5516-X-01/pri/act(config-username)# ssh authentication publickey AAAAB3$
We insert the whole key in one line (OpenSSH format).Huawei routers and switches
[R1]rsa peer-public-key test-key1 encoding-type pem
Enter "RSA public key" view, return system view with "peer-public-key end".
NOTE: The number of the bits of public key must be between 769 and 2048.
[R1-rsa-public-key]public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
[R1-rsa-key-code]---- BEGIN SSH2 PUBLIC KEY ----
[R1-rsa-key-code]Subject: Subject
[R1-rsa-key-code]Comment: " Subject@Subject.local"
[R1-rsa-key-code]ModBitSize: 2048
[R1-rsa-key-code]AAAAB3NzaC1yc2EAAAADAQABAAABAQC4YLFhPqfsz4a6PUpZOtvm6zGn5TWOVMnx
[R1-rsa-key-code]lTH5hr/u+aYnoM2XnDTu4Ul1iB8MMPLVKXzV4LgYhaFcU1rz2/yYhTKIwbiQTHof
[R1-rsa-key-code]63fJjyWwkvyBuVZTSKh4b2pfoF2mXgdJzzRmUaiRrZZUVJWsX+CbgtKQuktG7sTK
[R1-rsa-key-code]2eguHwdfhilbOAsUaL0/q39Y0aTAMnLMtn0m5r6MD/UopQPI3Fxm1L9azJ7zYIZa
[R1-rsa-key-code]yI43Solg0AOupPl8FHFI9Cxq81/uZRACx5lAyuObaQ4/t1Rdh3CAJj1qwfZjZFTP
[R1-rsa-key-code]VdJxwTDxwfkpOzMD193M0ThOSrgfWe336Q9F3jbSWrEYUQDX8ew7
[R1-rsa-key-code]---- END SSH2 PUBLIC KEY ----
[R1-rsa-key-code]public-key-code end
[R1-rsa-public-key]peer-public-key end
[R1]display rsa peer-public-key
=====================================
Key name: test-key1
=====================================
Key Code:
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAABAQC4YLFhPqfsz4a6PUpZOtvm6zGn5TWOVMnx
lTH5hr/u+aYnoM2XnDTu4Ul1iB8MMPLVKXzV4LgYhaFcU1rz2/yYhTKIwbiQTHof
63fJjyWwkvyBuVZTSKh4b2pfoF2mXgdJzzRmUaiRrZZUVJWsX+CbgtKQuktG7sTK
2eguHwdfhilbOAsUaL0/q39Y0aTAMnLMtn0m5r6MD/UopQPI3Fxm1L9azJ7zYIZa
yI43Solg0AOupPl8FHFI9Cxq81/uZRACx5lAyuObaQ4/t1Rdh3CAJj1qwfZjZFTP
VdJxwTDxwfkpOzMD193M0ThOSrgfWe336Q9F3jbSWrEYUQDX8ew7
---- END SSH2 PUBLIC KEY ----
aaa
local-user jet privilege level 15
local-user jet service-type telnet terminal ssh http
ssh user jet assign rsa-key test-key1
Types of key formats imported to Huawei:“The SecureCRT and PuTTY generate RSA keys in PEM format.”rsa peer-public-key test-key1 encoding-type pem
“The OpenSSH generates RSA keys in OpenSSH format.”rsa peer-public-key test-key1 encoding-type openssh
“The OpenSSL generates RSA keys in DER format.”rsa peer-public-key test-key1 encoding-type der
The default is in hexadecimal:rsa peer-public-key test-key1
Note: Huawei equipment not only supports keys in RSA format, but also other formats:ssh user user-name assign { rsa-key | dsa-key | ecc-key } key-name
You can rigidly set the authentication type for the user over SSH:[R1]ssh user jet authentication-type ?
all All authentication, password,RSA or ECC
ecc ECC authentication
password Password authentication
password-ecc Both password and ECC
password-rsa Both password and RSA
rsa RSA authentication
[R1]
That is, we allow access using either a password, or public and private keys, or both.Huawei USG (6000)
The configuration is completely similar to the settings on the router, but has some features.By default, the privilege level after logging using certificates is 0 and cannot be elevated. Therefore, the priority level is set usinguser-interface vty 0 4
user privilege level 15
user-interface vty 16 20:
user privilege level 15
Example:[USG-a]rsa peer-public-key test-key1 encoding-type pem
Enter "RSA public key" view, return system view with "peer-public-key end".
[USG-a-rsa-public-key]public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
[USG-a-rsa-key-code]---- BEGIN SSH2 PUBLIC KEY ----
[USG-a-rsa-key-code]Subject: subject
[USG-a-rsa-key-code]Comment: " subject@subject.local"
[USG-a-rsa-key-code]ModBitSize: 2048
[USG-a-rsa-key-code]AAAAB3NzaC1yc2EAAAADAQABAAABAQC4YLFhPqfsz4a6PUpZOtvm6zGn5TWOVMnx
[USG-a-rsa-key-code]lTH5hr/u+aYnoM2XnDTu4Ul1iB8MMPLVKXzV4LgYhaFcU1rz2/yYhTKIwbiQTHof
[USG-a-rsa-key-code]63fJjyWwkvyBuVZTSKh4b2pfoF2mXgdJzzRmUaiRrZZUVJWsX+CbgtKQuktG7sTK
[USG-a-rsa-key-code]2eguHwdfhilbOAsUaL0/q39Y0aTAMnLMtn0m5r6MD/UopQPI3Fxm1L9azJ7zYIZa
[USG-a-rsa-key-code]yI43Solg0AOupPl8FHFI9Cxq81/uZRACx5lAyuObaQ4/t1Rdh3CAJj1qwfZjZFTP
[USG-a-rsa-key-code]VdJxwTDxwfkpOzMD193M0ThOSrgfWe336Q9F3jbSWrEYUQDX8ew7
[USG-a-rsa-key-code]---- END SSH2 PUBLIC KEY ----
[USG-a-rsa-key-code]public-key-code end
[USG-a-rsa-public-key]peer-public-key end
[USG-a]
[USG-a]ssh user admin assign rsa-key test-key1
! Out-of-band management interface:
[USG-a-GigabitEthernet0/0/0]service-manage ssh permit
! Grant user level 15 privillege:
[USG-a]user-interface vty 0 4
[USG-a-ui-vty0-4]user privilege level 15
Cisco Nexus 9.3
Option 1: pre-install the public key file on the device and attach the public key file to the user.- Copy the public key file to the device.
- We instruct the user to use the public key file.
switch# copy tftp://10.10.1.1/secsh_file.pub bootflash:secsh_file.pub
username User1 sshkey file bootflash:secsh_file.pub
Option 2: copy the public key to the user:username User1 sshkey
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4YLFhPqfsz4a6PUpZOtvm6zGn5TWOVMnxlTH5hr/u+aYnoM2XnDTu4Ul1iB8MMPLVKXzV4LgYhaFcU1rz2/yYhTKIwbiQTHof63fJjyWwkvyBuVZTSKh4b2pfoF2mXgdJzzRmUaiRrZZUVJWsX+CbgtKQuktG7sTK2eguHwdfhilbOAsUaL0/q39Y0aTAMnLMtn0m5r6MD/UopQPI3Fxm1L9azJ7zYIZayI43Solg0AOupPl8FHFI9Cxq81/uZRACx5lAyuObaQ4/t1Rdh3CAJj1qwfZjZFTPVdJxwTDxwfkpOzMD193M0ThOSrgfWe336Q9F3jbSWrEYUQDX8ew7
Using a secret key for SSH connection
This section is devoted to configuring SSH clients for authentication using RSA keys on network equipment (or other equipment, provided that the hardware and software supports public key authentication).We will consider setting up the use of the public key in the most popular programs: SecureCRT and PuTTY.SecureCRT
There is an Authentication list in the SSH settings window. In it, you need to increase the priority of PublicKey to the highest - make it top in the list.Then go to the PublicKey options and select the private key file. The topmost switch allows you to use the global settings of the secret key or session settings - another secret key (non-default key) - only for this connection.Configure the global public key: in the menu Options → Global options → Category SSH2.PuTTY
In the SSH settings (Connection → SSH → Auth) in the field “Private key file for authentication” specify the file Putty Private Key (* .ppk):MAC OS X
Setting up a standard client for using public keys:- Connection with a non-default key specified manually:
artemiy-2:~ ArtemiySP$ ssh r4@10.31.73.29 -i ~/Documents/python/r4
The authenticity of host '10.31.73.29 (10.31.73.29)' can't be established.
RSA key fingerprint is SHA256:fxOLFKU6YGyIqisrIh2P0O52Rr6Wx/wsSAcHsTz8fo0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.31.73.29' (RSA) to the list of known hosts.
CSR-4#
- Connection with a non-default key specified manually:
artemiy-2:~ ArtemiySP$ ssh r5@10.31.73.30 -i ~/Documents/python/r5
The authenticity of host '10.31.73.30 (10.31.73.30)' can't be established.
RSA key fingerprint is SHA256:4l67C4Il4pTaqYT4vrtWr0aY7rPmNWKsjRv2zlYtQIU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.31.73.30' (RSA) to the list of known hosts.
MGTU#exit
Connection to 10.31.73.30 closed.
Example Error— . MAC OS X — .
- Connection with the default key (default key - the system itself will find and use the Default public key):
artemiy-2:~ ArtemiySP$ ssh r6@10.31.73.31
The authenticity of host '10.31.73.31 (10.31.73.31)' can't be established.
RSA key fingerprint is SHA256:2/ysACJQw48Q8S45ody4wna+6nJspcsEU558HiUN43Q.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.31.73.31' (RSA) to the list of known hosts.
PR#exit
Connection to 10.31.73.31 closed.
artemiy-2:~ ArtemiySP$
How to simplify working with SSH on MAC OS X:
- Create SSH Aliases.
- In SSH Aliases, we immediately set the users.
- Immediately register the location of the keys.
The location of Aliases and the pre-configured SSH configuration are specified in the ~ / .ssh / config file (/Users/[Username†/.ssh/config).Filled in this way:host r4
Hostname 10.31.73.29
Port 22
User r4
IdentityFile ~/Documents/python/r4
host r5
Hostname 10.31.73.30
Port 22
User r5
IdentityFile ~/Documents/python/r5
host r6
Hostname 10.31.73.31
Port 22
User r6
Note: my default connection is incorrectly configured (I don’t know how correctly), because the connection to the R6 host (10.31.73.31) takes a very long time. It is recommended that you specify immediately specify the path to the default key.An example of an ssh connection using public keys and a config file:artemiy-2:Documents ArtemiySP$ ssh r5
MGTU#exit
Connection to 10.31.73.30 closed by remote host.
Connection to 10.31.73.30 closed.
artemiy-2:Documents ArtemiySP$ ssh r4
CSR-4#exit
Connection to 10.31.73.29 closed by remote host.
Connection to 10.31.73.29 closed.
artemiy-2:Documents ArtemiySP$ ssh r6
PR#exit
Connection to 10.31.73.31 closed.
artemiy-2:Documents ArtemiySP$ ssh r6
PR#
Conclusion
RSA keys can be used to replace password authentication, but not in all cases:- Public key authentication is not possible if domain authentication is configured (because LDAP requests (kerberos) to the server are proxied for authentication).
- Public key authentication on old network equipment is not possible (example: failed to configure on Cisco Catalyst 2960 with firmware 12.2).
Password-protected public keys are conveniently used in bench equipment. Disadvantage: it is necessary to send a bunch of private and public keys to colleagues and partners.On some equipment, several pairs of public keys can correspond to one user, on other equipment only one public key corresponds to one user.There are also different formats in which a pair of public and private keys is stored. But this guide will help you export keys in different formats.Today, it is optimal to use keys with a length of 2048 bits, but for some equipment this is the maximum possible key length (maybe this will be fixed in new firmware). For instance:[R1]rsa peer-public-key test-key2 encoding-type pem
Enter "RSA public key" view, return system view with "peer-public-key end".
NOTE: The number of the bits of public key must be between 769 and 2048.
[R1-rsa-public-key]
It is recommended to use public keys to replace passwords if passwords are entered using scripts (example: autologon in SecureCRT).It is recommended that you use public keys to protect against password transmission over the network.Some software uses public keys by default for SSH authentication instead of a password (example: Ansible).List of sources:
- Wikipedia RSA
- Conversion from Putty to SecureCRT with auth. keys, SecureCRT Forum
- Secure Shell Configuration Guide, Cisco IOS Release 15E
- Download PuTTYgen
- Huawei official documentation - a description of the various key formats for importing to a Huawei router
- Huawei USG 6000, Configuring Public Key Authentication (CLI: Example for Logging In to the CLI Using STelnet (RSA Authentication))
- Nexus 9000 Configuration guide SSH public key
- man ssh-keygen — mac os x.
- SSH config file MAC OS X
- SSH
- SSH config
- openssh public key RFC4716