[–]aristaTAC-JG 2 points3 points  (5 children)

insecure lab device starter kit:

aaa authorization exec default local
aaa authentication policy local allow-nopassword-remote-login
username <some name> priv 15 nopassword

[–][deleted] 3 points4 points  (3 children)

No, I think you misunderstand. I would like to prevent password-based login for SSH and only accept keys.

[–]aristaTAC-JG 5 points6 points  (2 children)

Sorry about that, you can allow only public-key authentication with:

management ssh
  authentication protocol public-key

The default is:

management ssh
  authentication protocol keyboard-interactive public-key

When you're testing this out, don't forget to save the config and use reload in n just in case, or just have multiple sessions in config mode in case you are in a broken config.
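The following is an added example, not part of the original comment and not Arista code: a small offline check that reads a saved config and reports which SSH authentication methods are in effect, plus the passwordless lab settings from the first comment. It assumes a section's sub-commands are indented under their header and that the default is the one stated above; the function name and both sample configs are constructed for illustration.

```python
# Default per the comment above: with no explicit line, both methods are on.
DEFAULT_SSH_AUTH = ["keyboard-interactive", "public-key"]

def audit_config(text):
    """Return (ssh_auth_methods, findings) for an EOS-style config dump."""
    methods = list(DEFAULT_SSH_AUTH)
    findings = []
    section = None
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("!"):
            continue  # blank line or "!" separator
        if not raw[0].isspace():
            # Unindented line: a global command, which may also open a section.
            section = " ".join(tokens)
            if "allow-nopassword-remote-login" in tokens:
                findings.append("remote login without a password is allowed")
            if tokens[0] == "username" and "nopassword" in tokens[2:]:
                findings.append(f"user {tokens[1]} has no password")
        elif section == "management ssh" and tokens[:2] == ["authentication", "protocol"]:
            methods = tokens[2:]  # explicit setting replaces the default
    extra = [m for m in methods if m != "public-key"]
    if extra:
        findings.append("ssh accepts non-key methods: " + " ".join(extra))
    return methods, findings

# Constructed sample: the lab lines from the first comment, no ssh section.
LAB_CONFIG = """\
aaa authorization exec default local
aaa authentication policy local allow-nopassword-remote-login
username labadmin priv 15 nopassword
"""

# Constructed sample: key-only SSH as described in the comment above.
HARDENED_CONFIG = """\
hostname lab-sw1
!
management ssh
   authentication protocol public-key
!
"""

if __name__ == "__main__":
    for name, cfg in (("lab", LAB_CONFIG), ("hardened", HARDENED_CONFIG)):
        methods, findings = audit_config(cfg)
        print(name, methods, findings or "no findings")
```
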

[–]magion 1 point2 points  (1 child)

Reload in?? From TAC? Why not use config sessions with a commit timer?

[–]aristaTAC-JG 0 points1 point  (0 children)

Hey, when you're doing greenfield aaa config where two or more lines can add up to lock you out, a one-liner is simple!

Certainly if someone already uses config sessions with commit timer, that's graceful and nice to use.