Cisco ssh key authorization level via radius

Tags: aaa, cisco-ios, radius, ssh

Related to Authenticate ssh key via Cisco ACS (TACACS+)

Given a working ssh public key config:

ip ssh pubkey-chain
 username admin
  key-string
   <ssh-pub-key>
  exit
 exit

I have only been able to provide authorization for the above with an additional username entry:

username admin privilege 15

Nice to discover that you can leave off the secret part, but is there a way to have the Cisco query the RADIUS for the privilege level, and/or combine the authorization into the pubkey-chain?

Best Answer

If the RADIUS server supports Cisco AV-pair attributes then you can configure it to push:

cisco-avpair = shell:priv-lvl=15

Note that this requires authorization to be enabled in addition to authentication.

Src: How to Assign Privilege Levels with TACACS+ and RADIUS
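The device-side half of the answer above, as an added example that is not part of the original question or answer: an IOS AAA configuration in which exec authorization is enabled alongside authentication, so the `shell:priv-lvl` value returned by RADIUS is applied to the session. The server name `RAD1`, group name `RAD-GROUP`, the address and the shared secret are placeholders, and it assumes the platform sends the exec authorization request for the SSH user as the answer describes.

```cisco
! Added example; names, address and key below are placeholders.
aaa new-model
!
radius server RAD1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret>
!
aaa group server radius RAD-GROUP
 server name RAD1
!
! Authentication only decides whether the login is accepted.
aaa authentication login default group RAD-GROUP local
!
! Exec authorization is what makes IOS read shell:priv-lvl from the
! cisco-avpair in the RADIUS reply and set the session privilege.
! The trailing "local" is used only when no RADIUS server responds,
! not when the server rejects the user, so a local
! "username admin privilege 15" entry remains a break-glass fallback.
aaa authorization exec default group RAD-GROUP local
!
line vty 0 4
 transport input ssh
 login authentication default
 authorization exec default
```

After logging in, `show privilege` reports the level that was actually applied to the session.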