https://community.extremenetworks.com/t5/extremeswitching-exos-switch/scp2-from-one-switch-to-another-with-public-key-authentication/m-p/44601#M10961 Thank you. It works!<BR /> Wed, 30 Sep 2015 20:02:00 GMT eyeV 2015-09-30T20:02:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/scp2-from-one-switch-to-another-with-public-key-authentication/m-p/44595#M10955 Hi everybody!<BR /> <BR /> I'd like to copy configuration file (like switch.cfg) from one switch to another directly by SCP2. Can I set public key authentication between swithces? I know how to load public key to switch, but can XOS generate this public key?<BR /> <BR /> I hope you get my idea.<BR /> <BR /> If it impossible, can you suggest me another way to do it (TFTP or something) please? Wed, 30 Sep 2015 16:32:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/scp2-from-one-switch-to-another-with-public-key-authentication/m-p/44595#M10955 eyeV 2015-09-30T16:32:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/scp2-from-one-switch-to-another-with-public-key-authentication/m-p/44596#M10956 You can use SCP2 to transfer files between switches. You just need to "enable ssh2" on the CLI and a key will be created. Are you trying to do this without a password login?<BR /> <BR /> Switch# scp2 flowtrack.py johndoe@192.0.2.100:flowtrack.py<BR /> Upload /config/flowtrack.py to <BR /> Keyboard-interactive authentication<BR /> Enter password for johndoe: <BR /> Connected to 192.0.2.100.<BR /> Uploading /config/flowtrack.py to /config/flowtrack.py<BR /> /config/flowtrack.py 100% 17KB 17.2KB/s 00:00 <BR /> Switch# <BR /> Switch at 192.0.2.100 logs:<BR /> 09/30/2015 09:05:04.28 User johndoe logout from ssh (192.0.2.200)<BR /> 09/30/2015 09:05:04.21 Msg from Master : Got file flowtrack.py<BR /> 09/30/2015 09:05:04.13 Msg from Master : Did password authentication for user johndoe (192.0.2.200)<BR /> 09/30/2015 09:05:04.13 Login passed for user johndoe through ssh (192.0.2.200) Wed, 30 Sep 2015 18:13:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/scp2-from-one-switch-to-another-with-public-key-authentication/m-p/44596#M10956 StephenW 2015-09-30T18:13:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/scp2-from-one-switch-to-another-with-public-key-authentication/m-p/44597#M10957 Yes, it works perfectly. But I'd like to do it without keyboard-interactive authentication. I'm going to execute this command remotely by cron. Wed, 30 Sep 2015 18:13:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/scp2-from-one-switch-to-another-with-public-key-authentication/m-p/44597#M10957 eyeV 2015-09-30T18:13:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/scp2-from-one-switch-to-another-with-public-key-authentication/m-p/44598#M10958 Some backgound about it. I have some switches in production network and one switch in cold reserve. My idea is automaticaly copy all .cfg files from switches to reserve switch to minimize recovery time in case of replacement equipment. Wed, 30 Sep 2015 18:13:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/scp2-from-one-switch-to-another-with-public-key-authentication/m-p/44598#M10958 eyeV 2015-09-30T18:13:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/scp2-from-one-switch-to-another-with-public-key-authentication/m-p/44599#M10959 Ok I got it working. You can use public key authentication but you can't generate them from the switch.<BR /> <BR /> 1) Generate RSA keys in linux server using the following commands<BR /> ssh-keygen -f sub_rsa_1024 -t rsa -b 1024<BR /> <BR /> 2) Now copy-paste the sub_rsa_1024.pub (public file)contents using the following command and associate it with admin user.<BR /> <BR /> Switch# create sshd2 user-key sub_rsa_1024 AAAAB3NzaC1yc2EAAAADAQABAAEXOSisCOOL80aYjF1rpveAyFzCHhMJp7N61a43FY7sZPnxQpkSxjsuJ/gda2D+biiYmd3bpinGtcd+k3mANk4K+LT/wtA4I0wStF5eT5Jg8aN5HPEMdhvHhPJH1IodeQDotqfRRXAup4IgYvk5eT/ndYDRzqKsgwuNKO8kwTUgw== <BR /> Switch# configure sshd2 user-key sub_rsa_1024 add user admin <BR /> 3)Try logging in using the user with the key from the SSH client<BR /> ssh -i /root/.ssh/sub_rsa_1024 <A href="https://mailto:admin@192.0.2.100" target="_blank" rel="nofollow noreferrer noopener">admin@192.0.2.100</A><BR /> <BR /> Logs from the switch:<BR /> <BR /> 09/30/2015 10:08:07.94 Msg from Master : Did key authentication for user admin (192.0.2.200)<BR /> 09/30/2015 10:08:07.94 Msg from Master : Login passed for user admin through ssh (192.0.2.200)<BR /> 09/30/2015 10:08:07.94 Msg from Master : Found valid key for user admin<BR /> <BR /> SW login:<BR /> <BR /> login as: admin<BR /> Authenticating with public key "rsa-key-20150930"<BR /> ExtremeXOS<BR /> Copyright (C) 1996-2015 Extreme Networks. All rights reserved.<BR /> This product is protected by one or more US patents listed at <A href="http://www.extremenetworks.com/patents" target="_blank" rel="nofollow noreferrer noopener">http://www.extremenetworks.com/patents</A> along with their foreign counterparts.<BR /> ==============================================================================<BR /> <BR /> Press the or '?' key at any time for completions.<BR /> Remember to save your configuration changes.<BR /> <BR /> Switch#<BR /> <BR /> Wed, 30 Sep 2015 19:15:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/scp2-from-one-switch-to-another-with-public-key-authentication/m-p/44599#M10959 StephenW 2015-09-30T19:15:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/scp2-from-one-switch-to-another-with-public-key-authentication/m-p/44600#M10960 I updated our KB article about this topic to make it easier to find, and added all the details I provided to you. Let me know If this works for you. <BR /> <BR /> <A href="https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-user-key-based-authentication-using-the-CLI" target="_blank" rel="nofollow noreferrer noopener">https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-user-key-based-authentica...</A> Wed, 30 Sep 2015 20:02:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/scp2-from-one-switch-to-another-with-public-key-authentication/m-p/44600#M10960 StephenW 2015-09-30T20:02:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/scp2-from-one-switch-to-another-with-public-key-authentication/m-p/44601#M10961 Thank you. It works!<BR /> Wed, 30 Sep 2015 20:02:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/scp2-from-one-switch-to-another-with-public-key-authentication/m-p/44601#M10961 eyeV 2015-09-30T20:02:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/scp2-from-one-switch-to-another-with-public-key-authentication/m-p/44602#M10962 Hi Stephen,<BR /> So can you please confirm that it is indeed possible to do ssh from one switch to another switch using just the keys ?<BR /> Can you please list down the steps.<BR /> <BR /> Also I see mention of the command " create sshd2 key-file" in this link : <A href="https://documentation.extremenetworks.com/exos_22.3/exos_21_1/security/c_user-key-based-authentication.shtml" target="_blank" rel="nofollow noreferrer noopener">https://documentation.extremenetworks.com/exos_22.3/exos_21_1/security/c_user-key-based-authentication.shtml</A><BR /> However , there is not enough details to explain how the generated keys can be used to do SSH from a remote Linux Server (or via using Putty client).<BR /> <BR /> thanks,<BR /> Sudeep Wed, 24 Apr 2019 04:14:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/scp2-from-one-switch-to-another-with-public-key-authentication/m-p/44602#M10962 Sudeep 2019-04-24T04:14:00Z