SCP2 from one switch to another with Public key authentication

  • Question
  • Updated 3 years ago
  • Answered
Hi everybody!

I'd like to copy a configuration file (like switch.cfg) from one switch to another directly by SCP2. Can I set up public key authentication between switches? I know how to load a public key onto a switch, but can XOS generate this public key?

I hope you get my idea.

If it is impossible, can you suggest another way to do it (TFTP or something), please?

eyeV


Posted 3 years ago


Stephen Williams, Employee

You can use SCP2 to transfer files between switches.  You just need to "enable ssh2" on the CLI and a key will be created.  Are you trying to do this without a password login?


Switch# scp2 flowtrack.py johndoe@192.0.2.100:flowtrack.py
Upload /config/flowtrack.py to 
Keyboard-interactive authentication
Enter password for johndoe:
Connected to 192.0.2.100.
Uploading /config/flowtrack.py to /config/flowtrack.py
/config/flowtrack.py                                                                                                                        100%   17KB  17.2KB/s   00:00   
Switch#

Switch at 192.0.2.100 logs:
09/30/2015 09:05:04.28  User johndoe logout from ssh (192.0.2.200)
09/30/2015 09:05:04.21 Msg from Master : Got file flowtrack.py
09/30/2015 09:05:04.13 Msg from Master : Did password authentication for user johndoe (192.0.2.200)
09/30/2015 09:05:04.13 Login passed for user johndoe through ssh (192.0.2.200)

eyeV

Yes, it works perfectly. But I'd like to do it without keyboard-interactive authentication. I'm going to execute this command remotely by cron.

eyeV

Some background about it. I have some switches in a production network and one switch in cold reserve. My idea is to automatically copy all .cfg files from the switches to the reserve switch to minimize recovery time in case of equipment replacement.

Stephen Williams, Employee

OK, I got it working. You can use public key authentication, but you can't generate the keys from the switch.

1) Generate RSA keys on a Linux server using the following command:
ssh-keygen -f sub_rsa_1024 -t rsa -b 1024

2) Now copy-paste the contents of sub_rsa_1024.pub (the public key file) using the following command and associate it with the admin user.

Switch# create sshd2 user-key sub_rsa_1024 AAAAB3NzaC1yc2EAAAADAQABAAEXOSisCOOL80aYjF1rpveAyFzCHhMJp7N61a43FY7sZPnxQpkSxjsuJ/gda2D+biiYmd3bpinGtcd+k3mANk4K+LT/wtA4I0wStF5eT5Jg8aN5HPEMdhvHhPJH1IodeQDotqfRRXAup4IgYvk5eT/ndYDRzqKsgwuNKO8kwTUgw==


Switch# configure sshd2 user-key sub_rsa_1024 add user admin


3) Try logging in as the user with the key from the SSH client:
ssh -i /root/.ssh/sub_rsa_1024 admin@192.0.2.100


Logs from the switch:

09/30/2015 10:08:07.94  Msg from Master : Did key authentication for user admin (192.0.2.200)
09/30/2015 10:08:07.94 Msg from Master : Login passed for user admin through ssh (192.0.2.200)
09/30/2015 10:08:07.94 Msg from Master : Found valid key for user admin


SW login:

login as: admin
Authenticating with public key "rsa-key-20150930"
ExtremeXOS
Copyright (C) 1996-2015 Extreme Networks. All rights reserved.
This product is protected by one or more US patents listed at http://www.extremenetworks.com/patents along with their foreign counterparts.
==============================================================================

Press the <Tab> or '?' key at any time for completions.
Remember to save your configuration changes.

Switch#



Stephen Williams, Employee

I updated our KB article about this topic to make it easier to find, and added all the details I provided to you. Let me know if this works for you.

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-user-key-based-authentica...

eyeV

Thank you. It works!
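
Added example, not part of the thread and not Extreme Networks code: because the cron job logs in as admin with an unattended key, this check reads switch log lines in the format shown above and flags password logins on that account and key logins from any host other than the cron server. The policy mapping, the function names and the last two sample log lines are assumptions constructed for illustration.

```python
import re
from ipaddress import ip_address

# Matches the authentication lines the switch logs in this thread.
AUTH_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d+)\s+.*?"
    r"Did (?P<method>password|key) authentication for user "
    r"(?P<user>\S+) \((?P<src>[^)]+)\)"
)

def parse_auth_events(lines):
    """Yield (timestamp, method, user, source_ip) for each auth line."""
    for line in lines:
        m = AUTH_RE.search(line.strip())
        if m:
            yield m["ts"], m["method"], m["user"], ip_address(m["src"])

def audit(lines, key_only):
    """Return findings for accounts that must log in by key from fixed hosts.

    key_only maps user name -> set of allowed source addresses (assumed policy).
    """
    findings = []
    for ts, method, user, src in parse_auth_events(lines):
        allowed = key_only.get(user)
        if allowed is None:
            continue  # interactive account, outside this policy
        if method != "key":
            findings.append((ts, user, str(src), "password login on key-only account"))
        elif src not in allowed:
            findings.append((ts, user, str(src), "key used from unexpected host"))
    return findings

# Constructed sample: the first two lines follow the thread's logs,
# the last two are invented to trigger each finding.
SAMPLE = """\
09/30/2015 09:05:04.13 Msg from Master : Did password authentication for user johndoe (192.0.2.200)
09/30/2015 10:08:07.94  Msg from Master : Did key authentication for user admin (192.0.2.200)
09/30/2015 11:30:00.10 Msg from Master : Did password authentication for user admin (192.0.2.200)
09/30/2015 11:42:19.55 Msg from Master : Did key authentication for user admin (198.51.100.7)
""".splitlines()

POLICY = {"admin": {ip_address("192.0.2.200")}}  # assumed: cron host is 192.0.2.200

if __name__ == "__main__":
    for finding in audit(SAMPLE, POLICY):
        print(*finding, sep="  ")
```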