Yes. Exactly my point. Enabling public key doesn't disable non-public key logins.
If you don't want someone logging in with user/pass credentials, set the password to something extraordinarily complex and don't save it anywhere.
Original Message:
Sent: Feb 03, 2025 11:52 AM
From: JJ5
Subject: ClearPass SSH Public-Private Key Failure
Yes chulcher.
That is exactly my point / question.
If I log in from "another client" without a key - it only asks for a username & password. No Key Required
Original Message:
Sent: Feb 03, 2025 11:21 AM
From: chulcher
Subject: ClearPass SSH Public-Private Key Failure
Just because you can login with a key, doesn't mean that the login is restricted to only with a key.
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Feb 03, 2025 07:19 AM
From: JJ5
Subject: ClearPass SSH Public-Private Key Failure
Good Day.
Thank you for the reply.
I am using SecureCRT. So I have created the Public key from there
https://www.vandyke.com/support/tips/publickeyauth.html
I then added it to Clearpass, as per your post.
However, when I open SSH from "another client" it just asks for a username & password and connects.
Original Message:
Sent: Feb 03, 2025 07:08 AM
From: Daniel Ruiz
Subject: ClearPass SSH Public-Private Key Failure
Hello,
Have you more or less followed these steps taken from another forum post?
Configuration:
Setting up public-key authentication using SSH:
1. Please login to the CLI of OSX or Linux system and execute the below command to generate RSA private key and Public Key:
ssh-keygen -t rsa

2. You will be prompted to supply a filename (for saving the key pair) and a password (for protecting your private key):
A. Filename: To accept the default filename (and location) for your key pair, press Enter or Return without entering a filename.
Alternatively, you can enter a filename (e.g., my_ssh_key) at the prompt, and then press Enter or Return.
3. Password: Enter a password that contains at least five characters, and then press Enter or Return. If you press Enter or Return without entering a password, your private key will be generated without password-protection.
4. Your private key will be generated using the default filename (e.g., id_rsa) or the filename you specified (e.g., my_ssh_key), and stored on your computer in a .ssh directory off your home directory (e.g., ~/.ssh/id_rsa or ~/.ssh/my_ssh_key).
The corresponding public key will be generated using the same filename (but with a .pub extension added) and stored in the same location. Once the RSA keygen is created it will show you the location where the files are saved.

5. Please open the Public Key file using:
cat /root/.ssh/id_rsa.pub

6. Please navigate to Administration > Server Manager > Server Configuration > Network and click on "Add Public Key".

7. Copy and Paste the Public Key in the space provided.
8. Now you can login to the Server from your local system.
Verification
Login using private key:
1. To log in on the SSH command line, add the "-i" flag and the path to your private key.
For example, to invoke the private key id_rsa, stored in the /root/.ssh/ directory, when connecting to your account on a remote host (e.g., appadmin@<CPPM-IP/Hostname>), enter:
ssh -i /root/.ssh/id_rsa appadmin@<hostname/IP>
2. It will prompt you to enter the private key passphrase to decrypt the encrypted private key file; please provide the same pass-phrase which was given during RSA creation.
3. Please ignore the warning which it will prompt when you connect for the first time as that device is not in the list of Known Clients.

4. Once you provide input as "Yes" it will be automatically added to the list of Known hosts, and allow you access to the CPPM Command Line.

Best Regards
------------------------------
Daniel Ruiz
Original Message:
Sent: Feb 03, 2025 05:42 AM
From: JJ5
Subject: ClearPass SSH Public-Private Key Failure
Good day.
I want to make use of SSH Public-Private Keys to log into my ClearPass server.
I did create the Key on SecureCRT and have added it to the Clearpass server under Server>Network>SSH Public Keys
However, if I SSH to the ClearPass Server, I am still able to access it without the Key.
Am I missing something? Is there a guide of how to configure SSH to make use of the Key on the ClearPass side?
Thanx in advance
I am running Clearpass 6.9.13.
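
Added example, not part of the thread or of any ClearPass documentation: a shell check for the behaviour discussed above, where adding a public key leaves password login enabled. It reads the authentication methods the server advertises to an OpenSSH client; the host name `cppm.example.net` and the sample output lines are constructed, and treating keyboard-interactive as a password path goes slightly beyond what the thread covers.

```shell
#!/bin/sh
# Added example: report whether an SSH server still offers password logins
# after a public key has been installed.

# Read OpenSSH client output on stdin and print the comma-separated method
# list from a "Permission denied (publickey,password)." line.
offered_methods() {
    sed -n 's/.*Permission denied (\([^)]*\)).*/\1/p' | head -n 1
}

# Classify a method list as key-only or as still accepting passwords.
classify_methods() {
    case ",$1," in
        *,password,*|*,keyboard-interactive,*) echo "password-still-offered" ;;
        *,publickey,*) echo "key-only" ;;
        *) echo "unknown" ;;
    esac
}

# Probe a live host. Restricting the client to the "none" method sends no
# credential; the server answers with the methods it would accept.
# The host key must already be in known_hosts, because BatchMode refuses
# to prompt; an unverified host yields an empty list ("unknown").
probe_host() {
    ssh -o BatchMode=yes -o PreferredAuthentications=none \
        -o ConnectTimeout=5 "$1" true 2>&1 | offered_methods
}

# Constructed sample client output (not captured from a real server).
SAMPLE_BOTH='appadmin@cppm.example.net: Permission denied (publickey,password).'
SAMPLE_KEY='appadmin@cppm.example.net: Permission denied (publickey).'

# Usage: sh check_ssh_auth.sh appadmin@cppm.example.net
if [ "$#" -ge 1 ]; then
    methods=$(probe_host "$1")
    echo "$1 offers: ${methods:-<none reported>}"
    classify_methods "$methods"
fi
```

A result of `password-still-offered` matches what JJ5 observed from the second client: the key works, but the password path is still open.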