How to create a reboot schedule for Extreme Networks Identify AP’s
1. Log into the controller via SSH
2. Input the username and password for the controller (same as the web GUI login). Then after login type shell
. Enter the password that you used to log into the controller.
3. On the controller, run 'ssh-keygen
’ and go through the prompts to create a public (id_rsa.pub) and private (id_rsa) keypair for use with authentication. These get dumped into a .ssh folder in the user's directory (in this case, root, so /root). There's an option to apply a passphrase to the private key, but opted not to do it, as it would have to be put in before connecting (basically, it provides the option to provide a password locally to unlock a key instead of sending a password over the network for authentication)
After running ssh-keygen
you will get a pblic key similar to this. Example:
4. Then you need to create the ssh script
5. Type cd /root
to change directory to the root folder and then create script. Type vi rebootap.sh
6. This will place you in the vi console. Now type your script. You need an entry for every AP (ex.)
7. Then hit the esc
button and then type ctrl+q
(This will write, save, and quit the file in vi
8. Now ssh into every AP and paste this command
On each AP, we created a folder .ssh in /root, and created a file inside called 'authorized_keys', in which we put the contents of the controller's id_rsa.pub file. When connecting via SSH, the combo of the controller's private key and public key in the authorized_keys file will complete the authentication without the need for a password.
One thing to note is that for each device you connect to, if it's the first time, it'll prompt you with a message about the host fingerprint, e.g.:
The authenticity of host 'my.computer.local (xx.xx.xx.xx)' can't be established.
RSA key fingerprint is 6a
Are you sure you want to continue connecting (yes/no)?
When you continue connecting, that key/hostname/ip combo gets put in the controller's 'known_hosts' file, also in the .ssh directory. Subsequent connections verify that the host fingerprint matches (to prevent man-in-the-middle attacks); if the host you're connecting to has had OpenSSH reinstalled (due to format, etc.), the fingerprint will probably change, no longer match, and fail to connect. You would need to edit the 'known_hosts' file and remove the old entry
(This will allow the controller to SSH into the AP without a password)
To do this, you would take the key that was created in ssh-keygen
and place it into this small script that you can copy and paste after you ssh into the AP.Example:
echo "ssh-rsaAAAAB3NzaC1yc2EAAAABIwAAAQEA+1JVD+Vm7zvTc8A7tfyzoYeUEmurWdizPlMbi6KDxm.gifsW4n/XaDNNnIMXUTdg4qEpXxS/xEyyp02XMN3S7bnC5WvlL8qAZE4derZzoob4o6cwlohah/m2xVxDw5qhHyUKzB4NF8DTLxbCJ9fqHGvxxj/+4hs9+JUDBxYygrG6AKNtEW4KWIGCoyNO2SOtZM1VeXopidwwK6xsN11CNYujeIqOOkmwtYy7Z7evVZ+1hiQIeTedF+Nu330aQedQnH1E8iaip3RRg7Lup1u+I3LfluKC+sb6QzO6dCJ8ITJyYzstkAdERbNK7EwrVB55S5DsjrflRLFt2ZxN66uIJQ== root@EWC.extremenetworks.com" > .ssh/authorized_keys
9. Now lets create the cronjob on the controller
Type crontab –e “0 1 * * * /root/rebootap.sh”
This will create the reboot schedule and will reboot the AP’s at 1am every day. The schedule can be edited on an as per needed basis.