
SSH key-based auth to 7100-Series problem


Userlevel 2
Hey,

Please tell me the following is not normal:

1) Pubkey auth is enabled and password auth disabled.
2) I am not using any private key at all! (no ssh -i "private_key" here)
3) I can login with the password only.


[code]
71(rw)->show ssh
SSH Server:
State: Enabled
Host key type: RSA
Allowed Ciphers List (default):
aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,
blowfish-cbc,cast128-cbc,(email address removed by admin)
Allowed MACs List (default):
hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,
hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,
hmac-md5-96-etm@openssh.com,hmac-sha1,hmac-md5,hmac-ripemd160,
hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
Allowed Authentication Methods:
password: disabled
pubkey: enabled
PKI Trusted CA List:
PKI Authorized Cert List:
Authorized User Public Keys:
Username Type Bits Public Key
---------------- ---- ---- ---------------------------------------------------
rw RSA 2048 x

SSH Client:
Client alive interval: 30
Client alive count: 5

71(rw)->exit
Connection to 1.2.3.4 closed.
root@nms:~$ ssh rw@1.2.3.4
Pubkey AUTHENTICATION succeeded, please enter rw's Password for AUTHORIZATION.
Password:

B O N D E D 7 1 0 0 - S E R I E S
Command Line Interface

Extreme Networks, Inc.
145 Rio Robles
San Jose, CA 95134
Phone: +1 408 579-2800
E-mail: support@extremenetworks.com
WWW: http://www.extremenetworks.com

(c) Copyright Extreme Networks, Inc. 2015

Chassis Firmware Revision: 08.42.01.0005
[/code]

NB. Please fix usage of the "pre" button for multi-line input.

3 replies

Userlevel 7
I've fixed the formatting in your post, I know it's quirky. It works well if you click the button before pasting in your text. Rather than unselecting the button when done, just click elsewhere to move your cursor out of the area.
Userlevel 2
Oops, id_rsa is the default private key file used by ssh. Mea culpa.
However this still does not solve my problem:

[code]
root@nms:~/.ssh$ ssh rw@1.2.3.4 show conf
Write failed: Broken pipe
[/code]

How to run commands "unattended"? (Without using expect!)
Userlevel 7
I did not find a way w/o expect for the S-Series EOS (used on the 7100 as well), see https://community.extremenetworks.com/extreme/topics/connectionproblems-with-plink-putty-for-command... 😞
Userlevel 2
That's a pity. FWIW, here is an expect script for the show transceiver command:

I recommend activating and using the "ro" user of the switch!!

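[code]
#! /usr/bin/expect

# Usage: show-transceiver.xp host port
set host [lindex $argv 0]
set port [lindex $argv 1]

spawn ssh ro@$host

# Password prompt ("...word:" plus one more character)
expect {
    {word:?} {send "password\r"}
}
# CLI prompt ends in ")->": run the command
expect {
    {)->} {send "show port transceiver $port\r"}
}
# Prompt again: the output is complete, so log out
expect {
    {)->} {send "exit\r"}
}
exit
[/code]
And here is the wrapper for that in bash: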

[code]
#!/bin/bash

if [ $# -ne 2 ]; then
    echo "Syntax: $0 host port"
    exit 1
fi

host=$1
port=$2

# Private temp file with an unpredictable name; removed on exit
TMPF=$(mktemp /dev/shm/show-transceiver.XXXXXX) || exit 3
trap 'rm -f "$TMPF"' EXIT

/usr/local/nagios/libexec/show-transceiver.xp "$host" "$port" > "$TMPF"

# Pick the values out of the transceiver output by field position
VOLT=$(awk '{if ($2=="Voltage") print $4}' "$TMPF")
TEMP=$(awk '{if ($2=="Temp") print $4}' "$TMPF")
TX=$(awk '{if ($2=="TX" && $4=="(dBm)") print $5}' "$TMPF")
RX=$(awk '{if ($2=="RX" && $4=="(dBm)") print $5}' "$TMPF")

echo "$TEMP degrees C, $VOLT Volt, $RX dBm RX, $TX dBm TX|v=$VOLT t=$TEMP tx=$TX rx=$RX"
[/code]
This can be used as a Nagios plugin (if you add thresholds and appropriate return codes).

Have fun 🙂

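The thresholds and return codes mentioned in the last post, as an added example that is not part of the original thread: a check that reads the transceiver output on stdin, validates every value before it reaches the status line, and exits with the Nagios codes 0 to 3. The function name `check_transceiver`, the threshold defaults and the sample lines are assumptions; the sample is constructed and only mirrors the field positions the wrapper's awk expects.

```bash
#!/bin/bash
# Added example, not the poster's code: Nagios check over transceiver output on stdin.
# Usage (threshold defaults are hypothetical, tune them per optic):
#   show-transceiver.xp HOST PORT | check_transceiver RX_WARN RX_CRIT TEMP_WARN TEMP_CRIT

# Constructed sample input. Only the field positions are taken from the awk
# expressions in the wrapper above; this is not captured switch output.
SAMPLE='p1 Temp (C) 41.5
p1 Voltage (V) 3.30
p1 TX Power (dBm) -2.1
p1 RX Power (dBm) -5.4'

check_transceiver() {
    awk -v rw="${1:--12}" -v rc="${2:--15}" -v tw="${3:-60}" -v tc="${4:-70}" '
        { sub(/\r$/, "") }   # a pty session ends lines with CR LF
        $2 == "Voltage"             { v  = $4 }
        $2 == "Temp"                { t  = $4 }
        $2 == "TX" && $4 == "(dBm)" { tx = $5 }
        $2 == "RX" && $4 == "(dBm)" { rx = $5 }
        END {
            # Device output is untrusted: accept plain decimal numbers only,
            # so nothing else can reach the status line or the perfdata.
            num = "^-?[0-9]+([.][0-9]+)?$"
            if (t !~ num || v !~ num || tx !~ num || rx !~ num) {
                print "UNKNOWN - could not parse transceiver output"
                exit 3
            }
            s = 0
            if (rx + 0 < rw + 0 || t + 0 > tw + 0) s = 1   # WARNING
            if (rx + 0 < rc + 0 || t + 0 > tc + 0) s = 2   # CRITICAL
            split("OK WARNING CRITICAL", name, " ")
            printf "%s - %s C, %s V, RX %s dBm, TX %s dBm", name[s + 1], t, v, rx, tx
            printf "|t=%s;%s;%s v=%s rx=%s;%s:;%s: tx=%s\n", t, tw, tc, v, rx, rw, rc, tx
            exit s
        }'
}

# Demo on the constructed sample: prints an OK line and returns 0.
printf '%s\n' "$SAMPLE" | check_transceiver
```

The RX thresholds are written in Nagios range form (`-12:`), so the perfdata says that values below the limit alert.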