Guest

Preview Tool

Cisco Bug: CSCvs29412 - x509 SSH authentication incorrect UPN value selected

Last Modified

Jan 17, 2020

Products (1)

  • Cisco IOS

Known Affected Releases

16.9.3

Description (partial)

Symptom:
SSH x509 certificate authentication failing to authenticate, we see the following debug outputs:

May 17 13:43:06.419 EDT: CRYPTO_PKI: found UPN as value data USER@DOMAIN.GOV
May 17 13:43:06.419 EDT: CRYPTO_PKI: found UPN as value data R^CPX!^Nm:V$M!hZ^A^L8QL(^B^B^PWh
May 17 13:43:06.419 EDT: CRYPTO_PKI: Selected AAA username: 'R^CPX!^Nm:V$M!hZ^A^L8QL(^B^B^PWh'

Conditions:
Catalyst 9300 with SSH x509 certificate authentication configured and SSH client using certificate authentication.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.