SSH: Implement SSH Public Key Authentication

Veit
Veit Posts: 21  Freshman Member
First Comment Friend Collector Fifth Anniversary
edited July 2 in Switch Ideas
Hi,

I have got a suggestion for future ZyNOS releases:

It would be great to be able to log into the switch using an SSH Pubkey instead of password.

Using pubkeys would increase security (especially combined with a possibility to disable password auth for SSH) and make scripting/automation easier as wrappers like sshpass would be no longer required.

Best regards,
// Veit
2 votes

Active · Last Updated

Comments

  • JasonTsai
    JasonTsai Posts: 104  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Nebula
    Hi @Veit,

    We have an internal meeting to evaluate this idea, and this feature is now in Zyxel future roadmap.

    Thanks for your advice.
    Jason
  • danyedinak
    danyedinak Posts: 51  Ally Member
    First Comment Friend Collector Sixth Anniversary
    Whatever happened with this? Was it ever implemented anywhere?
  • JasonTsai
    JasonTsai Posts: 104  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Nebula
    Hi @danyedinak ,

    Thanks for following up on this.

    Although we understand the benefit of offering SSH public key authentication and we’ve already add it to our roadmap, the availability has been pushed out several times due to more urgent project demands.

    Jason
  • Tomaszz
    Tomaszz Posts: 1
    First Comment

    Over 3 years later, is there any update on this?

    I know that this can be configured with ACS server, but a menu option from the supervisor level would be useful, to see what keys are present and add any manually.

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,199  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security
    edited February 21

    Hi @Tomaszz

    We are pleased to inform you that this feature is set to be introduced in the switch V4.90 firmware version.

    Since our firmware updates are customized for each switch series, could you please specify the model of the switch you are inquiring about? This will enable us to offer you the most accurate and relevant information regarding availability and implementation.

    Kay

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • Veit
    Veit Posts: 21  Freshman Member
    First Comment Friend Collector Fifth Anniversary

    Hi Kay,

    I am the original author.

    We use XGS2210, XGS2220 and XGS4600 series switches.

    Best regards,
    // Veit

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,199  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security

    Hi @Veit

    SSH public key authentication in ZyNOS4.90 is being implemented in series by series.
    We have GS1350 series already support this, following by GS2220 series ( support in Q3’24) and GS1920 series (support Q4’24).

    ZyNOS4.90 for XGS2200 series will be focus on the new XGS2220 series only, with estimate time frame around Q4’24.
    XGS4600 cannot fit in the pipeline for this year, so it will be plan at a later time frame.

    We apologize for the long waited patience on this as we work to balance new feature request and introduce advanced technology products (2.5G / Multi-gig / 10G) to the Zyxel switch portfolio.

    Kay

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • mietz
    mietz Posts: 7  Freshman Member
    First Comment Friend Collector First Anniversary

    Hi Kay, is there an a eta when 4.90 will be available for XMG1915 Series?

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,199  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security

    Hi @mietz

    We’ll introduce SSH public key authentication for XMG1915 in further FW version. The schedule is not finalized yet since we also need to take other models and features into consideration, we will update XMG1915’s ETA once it is available.

    Kay

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community