SCP2 from one switch to another with Public key authentication
‎09-30-2015 09:32 AM
Hi everybody!
I'd like to copy a configuration file (like switch.cfg) from one switch to another directly by SCP2. Can I set public key authentication between switches? I know how to load a public key to the switch, but can XOS generate this public key?
I hope you get my idea.
If it is impossible, can you suggest another way to do it (TFTP or something), please?
‎09-30-2015 01:02 PM
I updated our KB article about this topic to make it easier to find, and added all the details I provided to you. Let me know if this works for you.
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-user-key-based-authentica...
‎09-30-2015 01:02 PM
Thank you. It works!
‎04-23-2019 09:14 PM
Hi Stephen,
So can you please confirm that it is indeed possible to do SSH from one switch to another switch using just the keys?
Can you please list the steps?
Also, I see mention of the command "create sshd2 key-file" in this link: https://documentation.extremenetworks.com/exos_22.3/exos_21_1/security/c_user-key-based-authenticati...
However, there are not enough details to explain how the generated keys can be used to do SSH from a remote Linux server (or via the PuTTY client).
Thanks,
Sudeep
‎09-30-2015 12:15 PM
OK, I got it working. You can use public key authentication, but you can't generate the keys from the switch.
1) Generate RSA keys on a Linux server using the following command:
ssh-keygen -f sub_rsa_1024 -t rsa -b 1024
2) Now copy-paste the contents of sub_rsa_1024.pub (the public file) using the following command and associate the key with the admin user.
Switch# create sshd2 user-key sub_rsa_1024 AAAAB3NzaC1yc2EAAAADAQABAAEXOSisCOOL80aYjF1rpveAyFzCHhMJp7N61a43FY7sZPnxQpkSxjsuJ/gda2D+biiYmd3bpinGtcd+k3mANk4K+LT/wtA4I0wStF5eT5Jg8aN5HPEMdhvHhPJH1IodeQDotqfRRXAup4IgYvk5eT/ndYDRzqKsgwuNKO8kwTUgw==
Switch# configure sshd2 user-key sub_rsa_1024 add user admin
3) Try logging in using the user with the key from the SSH client:
ssh -i /root/.ssh/sub_rsa_1024 admin@192.0.2.100
Logs from the switch:
09/30/2015 10:08:07.94 Msg from Master : Did key authentication for user admin (192.0.2.200)
09/30/2015 10:08:07.94 Msg from Master : Login passed for user admin through ssh (192.0.2.200)
09/30/2015 10:08:07.94 Msg from Master : Found valid key for user admin
SW login:
login as: admin
Authenticating with public key "rsa-key-20150930"
ExtremeXOS
Copyright (C) 1996-2015 Extreme Networks. All rights reserved.
This product is protected by one or more US patents listed at http://www.extremenetworks.com/patents along with their foreign counterparts.
==============================================================================
Press the <Tab> or '?' key at any time for completions.
Remember to save your configuration changes.
Switch#
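Step 2 of the reply above, as an added shell example (not part of the original post and not Extreme Networks code): the helper reads an OpenSSH .pub file, checks that it is a well-formed ssh-rsa line, and prints the two EXOS commands with only the base64 field extracted. The function name exos_user_key_cmds, the restriction to RSA, the allowed character set for names, and the sample key line (constructed, not a real key) are assumptions made here.

```shell
#!/bin/sh
# Added example (not Extreme Networks code): build the two EXOS commands
# from an OpenSSH public key file.

# exos_user_key_cmds PUBFILE KEYNAME USER  (hypothetical helper name)
# Prints the commands on stdout; returns 1 on any malformed input.
exos_user_key_cmds() {
    pubfile=$1 keyname=$2 user=$3
    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # Key name and user end up in a CLI line: allow a conservative set only.
    for v in "$keyname" "$user"; do
        case $v in ''|*[!A-Za-z0-9_.-]*) echo "bad name: $v" >&2; return 1 ;; esac
    done

    # A .pub file is one line: <type> <base64 blob> [comment].
    read -r ktype kblob _comment < "$pubfile" || [ -n "$ktype" ] || return 1

    # Assumption: RSA only, as in the post. This also rejects a private
    # key file, whose first field is "-----BEGIN".
    [ "$ktype" = ssh-rsa ] || { echo "not an ssh-rsa public key" >&2; return 1; }

    # The blob encodes the length-prefixed string "ssh-rsa" first, so it
    # always starts with AAAAB3NzaC1yc2E; it must also be pure base64.
    case $kblob in
        *[!A-Za-z0-9+/=]*) echo "non-base64 characters in blob" >&2; return 1 ;;
        AAAAB3NzaC1yc2E*) ;;
        *) echo "blob is not an ssh-rsa key" >&2; return 1 ;;
    esac

    # Only the base64 field is passed to the switch, not type or comment.
    printf 'create sshd2 user-key %s %s\n' "$keyname" "$kblob"
    printf 'configure sshd2 user-key %s add user %s\n' "$keyname" "$user"
}

# Demo on a constructed sample line (not a real key), so it runs offline.
demo_pub=$(mktemp)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCONSTRUCTEDSAMPLE== user@host' > "$demo_pub"
exos_user_key_cmds "$demo_pub" sub_rsa_1024 admin
rm -f "$demo_pub"
```

Point the helper at the real .pub file from step 1 and paste its two output lines at the switch prompt; the private key file never leaves the client.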
