How to setup passwordless SSH into X450a-48t switch

  • 0
  • 2
  • Question
  • Updated 3 years ago
  • Answered
Create Date: Jun 3 2013 8:19AM

Hi,

I'm trying to setup automated backup of the switch and I'd like to have the script to login to the switch without using password.
How do I setup the SSH keys so I can ssh/sftp from a linux box into the extreme switch without password?

Thanks!
(from juha_a)
Photo of EtherNation User

EtherNation User, Official Rep

  • 20,340 Points 20k badge 2x thumb

Posted 4 years ago

  • 0
  • 2
Photo of EtherNation User

EtherNation User, Official Rep

  • 20,340 Points 20k badge 2x thumb
Create Date: Jun 3 2013 6:51PM

Hi juha_a,

maybe you can use "Automated Backup Script" ?
You find it in Workbench->Scripts


Jarek

(from Jaroslaw_Kasjaniuk)
Photo of EtherNation User

EtherNation User, Official Rep

  • 20,340 Points 20k badge 2x thumb
Create Date: Jun 11 2013 1:27PM

Answering the question:
create sshd2 user-key adminkey (paste your pub key here)  subject "anything" comment "anything"
configure sshd2 user-key adminkey add user admin

if you don't want to use the default admin account, you might create another account for backup: 
create account admin backup s3cr3tp4ssw0rd

then it would be
create sshd2 user-key backupkey (paste your pub key here) subject "anything" comment "anything" 
configure sshd2 user-key backupkey add user backup


(from Luis_Coelho)
Photo of EtherNation User

EtherNation User, Official Rep

  • 20,340 Points 20k badge 2x thumb
Create Date: Jun 20 2013 6:01PM

Here's one for the crowd;

How can I view the public key generated by the switch itself? I've got no problems going from the server to the switch, however the reverse is not possible without a pub key for the authenticated hosts file on the backup server.

The case scenario is having a cron on the backup server that touches an .xsf script that uses scp to send the config file back up to the backup server. In this scenario with out a key share trust the password would need to be sent from each switch to the backup server.

I've seen any number of ways to input the public keys of external servers, however not the reverse.

Thanks in advance for any insight, I think I'm just missing something basic in the config/command reference guides.

(from jhhyde2)
Photo of EtherNation User

EtherNation User, Official Rep

  • 20,340 Points 20k badge 2x thumb
Create Date: Jun 21 2013 6:10PM

Haven't tested, but:

create sshd2 key-file host-key filename

it will create filename.ssh on root directory which contains a public key. Is this what you need?

(from Luis_Coelho)
Photo of EtherNation User

EtherNation User, Official Rep

  • 20,340 Points 20k badge 2x thumb
Create Date: Jul 18 2013 5:01PM


it will create filename.ssh on root directory which contains a public key. Is this what you need?

Thanks, that was precisely what I needed!



(from jhhyde2)
Photo of EtherNation User

EtherNation User, Official Rep

  • 20,340 Points 20k badge 2x thumb
Create Date: Oct 15 2013 2:16PM

Yes this is correct but:

I can't get my public key to conf file via CLI so I have to copy my pub key via scp to switch memory a then use command:

save  => for save my key in configuration then:
configure sshd2 user-key  . . . . .    => for bounding my login with pub key.

Important note:
When you transfaring file which contains pub key you have to rename it!! For example: id_rsa.pub to id_rsa.ssh and then system automatically adds this file to key database.

Thats all :) 

(from steja)
Photo of EtherNation User

EtherNation User, Official Rep

  • 20,340 Points 20k badge 2x thumb
Create Date: Oct 24 2013 1:13PM

Is there a way of configuring the account so it won't be possible to login with password, only with ssh key?

(from Luis_Coelho)
Photo of EtherNation User

EtherNation User, Official Rep

  • 20,340 Points 20k badge 2x thumb
Create Date: Nov 8 2013 12:29PM

No there is not such way. Because it's like ssh on Linux. Considering situation when a I don't have may SSH key than switch ask me for a password. So in my opinion there is one (and only) way how to achieve this:

Create account with strong password for example with 30 pseudorandom digits and then apply configuration with ssh-keys which provide in post above.

If there is another way please share it! :D

Bye.

(from steja)
Photo of Sotiris Salloumis

Sotiris Salloumis

  • 114 Points 100 badge 2x thumb
Hi,

I've created the public key with the following command:

 create sshd2 key-file host-key sshkey

It created under the root directory the sshkey.ssh and inside it has the public key

I've scp the key file to the remote server ~.ssh/authorized_keys

However I still get the password prompt when I try to ssh from the switch to the remote server.

I want to have this functionality in order to be able to automate some tasks within a universal profile. 

What exact commands I need to execute in order to store the public key in the Switch ? 

Regards
Sotiris
Photo of Daniel Flouret

Daniel Flouret, Employee

  • 7,470 Points 5k badge 2x thumb
Have you renamed the key file as sshkey.pub in the remote host?

This conversation is no longer open for comments or replies.