cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

SSH Key based authentication on 5520 32.6.1.5 (Latest Feature Release)

SSH Key based authentication on 5520 32.6.1.5 (Latest Feature Release)

danno765
New Contributor

I have a 5520 which I am trying to log into via SSH key based authentication. I followed the user manuals instructions and configured it correctly for version 31.2.1.1, however when I upgraded the box from version 31.2.1.1 to version 32.6.1.5, I could no longer authenticate without a password.

I downgraded again to make sure it worked and it did, upgraded again and it doesn't. Is this a known issue by anyone? is there any way I can fix this? It does not show up as a 'known issue' in the release notes of the patch located here: 

https://documentation.extremenetworks.com/release_notes/switchengine/32.6.1/GUID-E6056C3D-6E17-4C66-...

For reference, I have transferred my keys onto a box that was already running 32.6.1.5 following the same method as is described in that versions manual, as well as upgrading to 32.6.1.5 from a lower version that already had the authentication working. 

Any input is appreciated, thanks in advance.

EDIT: 

I have since used the command below to inspect the size of my key and it shows as 3072 bits. Additionally, my colleague tried multiple sizes including the default rsa size (non specified when generating) and one time attempted to use a much larger key which presented an error that said "key too large".

ssh-keygen -l -f ~/.ssh/id_rsa.pub


I have double checked the exact filename of the OS I have installed and it is summit_arm-32.6.1.5-patch1-2.xos and for reference, this is the version it is not working on during my, and my colleagues testing.

1 ACCEPTED SOLUTION

Stefan_K_
Valued Contributor
10 REPLIES 10

How do you know? It's not listed in the resolved issues in the release notes.

unfortunately I don't really know. We have had the same problem, submitted an error case to the manufacturer, and awaiting now any reaction. When I wanted to test it again, it works suddenly. I thought because of the os-patchlevel, anyone of my colleagues had installed the patch in the last days. But they say they have done nothing.  My ssh-client has never changed since years.

perhaps it is a timing problem. If the radius server is present and answers fast enough, the switch wants to authorize via radius and ignores the key.  

danno765
New Contributor

I have since used the command below to inspect the size of my key and it shows as 3072 bits. Additionally, my colleague tried multiple sizes including the default rsa size (non specified when generating) and one time attempted to use a much larger key which presented an error that said "key too large".

ssh-keygen -l -f ~/.ssh/id_rsa.pub

 

Stefan_K_
Valued Contributor

Hi @danno765 

Is the key 1024 or 2048 bits?

Best regards
Stefan

GTM-P2G8KFN