Is there a way of setting up a Cisco swtich (Cisco Catalyst 3850 12 Port GE SFP IP Base – its not arrived so I don't know the IOS) to allow SSH without specifying a USERNAME
The customer currently has many switches all setup allowing TELNET using
no aaa new-model
...
line vty 0 4
exec-timeout 15 0
password ThisIsNotAPassword
login
and I want to covert them to SSH. So I'll need to change their current method of logon.
I've always used aaa new-model and so on and so whilst I don't believe its possible to use SSH without a user I want to know that this is true before I tell my customer.
I've seen some articles about using certificates but nothing specifically about this.
Best Answer
You need some sort of credentials for SSH to work. You can either set it up using passwords like normally, or you can use a certificate to authenticate.
Here's a discussion that might be helpful: https://supportforums.cisco.com/t5/security-management/ssh-access-without-password/td-p/1517835
In Cisco parlance, they call it "RSA-based public key authentication".