Cisco Nexus Switch SSH login with YubiKey using X.509 certificate - Part I (two-factor and local AAA)
In this blog we will configure Cisco Nexus switch SSH login with YubiKey smartcards and X.509 certificates. The implementation has a limitation on the SSH client side: we must use a proprietary SSH client. To my knowledge, only two commercial/proprietary SSH clients support this functionality: SecureCRT and Pragma Fortress SSH Client.

This will be a two-part series. In Part I, AAA for SSH will be implemented locally on the switch. In Part II, AAA will be implemented on a remote AAA server (Cisco ISE) using the TACACS+ protocol.

We will use the simple topology below.

01 - Network Topology

We have already configured a YubiKey with the user certificate/key (user's public/private key). Certificate-related configuration, such as configuring the CA, issuing user certificates from the CA and transferring the user's certificates to the YubiKey, will not be covered in this blog. One can easily find those with a simple Google search.

This method of X.509 certificate-based SSH login works solel...