SSH: Implement SSH Public Key Authentication

Veit
Veit Posts: 21  Freshman Member
First Anniversary 10 Comments Friend Collector
edited August 2022 in Switch Ideas
Hi,

I have got a suggestion for future ZyNOS releases:

It would be great to be able to log into the switch using an SSH Pubkey instead of password.

Using pubkeys would increase security (especially combined with a possibility to disable password auth for SSH) and make scripting/automation easier as wrappers like sshpass would be no longer required.

Best regards,
// Veit
2 votes

Active · Last Updated

Comments

  • JasonTsai
    JasonTsai Posts: 104  Zyxel Employee
    First Anniversary ZCNE Nebula Level 1 Certification - 2019 Friend Collector First Comment
    Hi @Veit,

    We have an internal meeting to evaluate this idea, and this feature is now in Zyxel future roadmap.

    Thanks for your advice.
    Jason
  • danyedinak
    danyedinak Posts: 49  Freshman Member
    First Anniversary Friend Collector First Comment
    Whatever happened with this? Was it ever implemented anywhere?
  • JasonTsai
    JasonTsai Posts: 104  Zyxel Employee
    First Anniversary ZCNE Nebula Level 1 Certification - 2019 Friend Collector First Comment
    Hi @danyedinak ,

    Thanks for following up on this.

    Although we understand the benefit of offering SSH public key authentication and we’ve already add it to our roadmap, the availability has been pushed out several times due to more urgent project demands.

    Jason
  • Tomaszz
    Tomaszz Posts: 1
    First Comment

    Over 3 years later, is there any update on this?

    I know that this can be configured with ACS server, but a menu option from the supervisor level would be useful, to see what keys are present and add any manually.

  • Zyxel_Kay
    Zyxel_Kay Posts: 522  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited February 21

    Hi @Tomaszz

    We are pleased to inform you that this feature is set to be introduced in the switch V4.90 firmware version.

    Since our firmware updates are customized for each switch series, could you please specify the model of the switch you are inquiring about? This will enable us to offer you the most accurate and relevant information regarding availability and implementation.

    Kay

  • Veit
    Veit Posts: 21  Freshman Member
    First Anniversary 10 Comments Friend Collector

    Hi Kay,

    I am the original author.

    We use XGS2210, XGS2220 and XGS4600 series switches.

    Best regards,
    // Veit

  • Zyxel_Kay
    Zyxel_Kay Posts: 522  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @Veit

    SSH public key authentication in ZyNOS4.90 is being implemented in series by series.
    We have GS1350 series already support this, following by GS2220 series ( support in Q3’24) and GS1920 series (support Q4’24).

    ZyNOS4.90 for XGS2200 series will be focus on the new XGS2220 series only, with estimate time frame around Q4’24.
    XGS4600 cannot fit in the pipeline for this year, so it will be plan at a later time frame.

    We apologize for the long waited patience on this as we work to balance new feature request and introduce advanced technology products (2.5G / Multi-gig / 10G) to the Zyxel switch portfolio.

    Kay