Configuring ISE for Public Key Authentication

Users are now able to be authenticated using Public Key Authentication. When authentication using public key is enabled, password-based user authentication is disabled. The public key authentication mechanism can be disabled at any time.

Do not execute the command 'service sshd PubkeyAuthentication' if you do not have a public key to import into ISE. This disables password-based authentication, and Cisco ISE will expect you to log in using a private key. If you do run into this issue, you need to use the console port to log in to Cisco ISE and disable Public Key Authentication with the command 'no service sshd PubkeyAuthentication'.

Create the SSH Public Key:
ssh-keygen

Enable SSH Public Key Encryption:
service sshd PubkeyAuthentication

Import Public Key File:
crypto key import [public key filename] repository [repository name]
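
Because enabling public key authentication turns off password logins, it helps to confirm that the file you are about to import really is a well-formed OpenSSH public key. The following check is an added example, not code from the video or from Cisco; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def read_string(blob, offset):
    """Read one RFC 4251 string (uint32 length + bytes) from blob."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob (missing length field)")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob (field runs past end)")
    return blob[offset + 4:end], end


def check_public_key(line):
    """Validate one OpenSSH public key line; return (type, fingerprint, comment)."""
    line = line.strip()
    if line.startswith("-----BEGIN"):
        raise ValueError("this is a PEM/private key file, not a .pub file")
    fields = line.split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, b64 = fields[0], fields[1]
    comment = fields[2] if len(fields) == 3 else ""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:
        raise ValueError("key data is not valid base64") from exc
    inner, offset = read_string(blob, 0)
    if inner.decode("ascii", "replace") != declared:
        raise ValueError("declared type does not match type inside the blob")
    while offset < len(blob):  # remaining fields must be well-formed too
        _, offset = read_string(blob, offset)
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return declared, fingerprint, comment


def sample_key_line():
    """Constructed sample: ssh-ed25519 framing around 32 placeholder bytes."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " admin@lab"


if __name__ == "__main__":
    print(check_public_key(sample_key_line()))
```

The fingerprint uses the same SHA256 format that 'ssh-keygen -lf' prints, so the two can be compared on the workstation before the file is copied to the repository.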

Repository URLs now require an inconvenient space. Here's why:
The command has three elements:
- url - tells ISE that you are configuring the repository url
- ftp: - specifies the protocol to be used
- //ip address - is the path to the repository given the protocol stated

url ftp: //[IP address]

00:00 Intro
00:10 Minimum Version
00:26 Lab Environment
01:06 Creating the SSH Key
01:46 Verify Key Files
02:26 View the SSH Key in the Linux terminal
02:45 Creating Environment Variables in your Linux Terminal
03:46 Loading your Environment Variables into the Linux Shell
04:05 Using grep to View your Environment Variables
04:23 Using Environment Variables to ssh to ISE
04:48 Steps to enable Public Key Authentication in ISE
06:24 Creating an alias in Linux Shell to call the SSH Key File
06:52 Loading the alias into the Linux Shell
07:05 Using the alias and Environment Variables to ssh into ISE
07:24 Enabling Public Key Authentication using Zero Touch Provisioning (ZTP) during ISE installation
08:04 public_key in the ZTP configuration file
08:32 All the new ZTP options introduced in ISE 3.2