Configure an Administrator with SSH Key-Based Authentication for the CLI
For administrators who use Secure Shell (SSH) to access the Panorama CLI, SSH keys provide a more secure authentication method than passwords. SSH keys almost eliminate the risk of brute-force attacks, provide the option for two-factor authentication (private key and passphrase), and don’t send passwords over the network. SSH keys also enable automated scripts to access the CLI.
Configure an Administrator with SSH Key-Based Authentication for the CLI
Use an SSH key generation tool to create an asymmetric key pair on the client system of the administrator. The supported key formats are IETF SECSH and Open SSH. The supported algorithms are DSA (1024 bits) and RSA (768-4096 bits). For the commands to generate the key pair, refer to your SSH client documentation. The public key and private key are separate files. Save both to a location that Panorama can access. For added security, enter a passphrase to encrypt the private key. Panorama prompts the administrator for this passphrase during login.
Configure the administrator account to use public key authentication. Configure an Administrative Account. Configure one of two authentication methods to use as a fallback if SSH key authentication fails: Select an Authentication Profile if you configured one for the administrator. Select None and enter a Password and Confirm Password. Select the Use Public Key Authentication (SSH) check box, click Import Key, Browse to the public key you just generated, and click OK. Click OK and Commit, select Panorama for the Commit Type, and click Commit again.
Configure the SSH client to use the private key to authenticate to Panorama. Perform this task on the client system of the administrator. Refer to your SSH client documentation as needed to complete this step.
Verify that the administrator can access the Panorama CLI using SSH key authentication. Use a browser on the client system of the administrator to go to the Panorama IP address. Log in to the Panorama CLI as the administrator. After entering a username, you will see the following output (the key value is an example): Authenticating with public key “dsa-key-20130415” If prompted, enter the passphrase you defined when creating the keys.

Related Documentation