How to create a reboot schedule for Extreme Networks Identify AP’s
1. Log into the controller via SSH
2. Input the username and password for the controller (same as the web GUI login). Then after login type shell. Enter the password that you used to log into the controller.
3. On the controller, run 'ssh-keygen’ and go through the prompts to create a public (id_rsa.pub) and private (id_rsa) keypair for use with authentication. These get dumped into a .ssh folder in the user's directory (in this case, root, so /root). There's an option to apply a passphrase to the private key, but opted not to do it, as it would have to be put in before connecting (basically, it provides the option to provide a password locally to unlock a key instead of sending a password over the network for authentication)
After running ssh-keygen you will get a pblic key similar to this. Example:
7. Then hit the esc button and then type ctrl+q then w then q then ! (This will write, save, and quit the file in vi
8. Now ssh into every AP and paste this command
On each AP, we created a folder .ssh in /root, and created a file inside called 'authorized_keys', in which we put the contents of the controller's id_rsa.pub file. When connecting via SSH, the combo of the controller's private key and public key in the authorized_keys file will complete the authentication without the need for a password.
One thing to note is that for each device you connect to, if it's the first time, it'll prompt you with a message about the host fingerprint, e.g.:
The authenticity of host 'my.computer.local (xx.xx.xx.xx)' can't be established.
RSA key fingerprint is 6a??e0??56:f8:0c:04:11:5b:ef:4d:49??09:23.
Are you sure you want to continue connecting (yes/no)?
When you continue connecting, that key/hostname/ip combo gets put in the controller's 'known_hosts' file, also in the .ssh directory. Subsequent connections verify that the host fingerprint matches (to prevent man-in-the-middle attacks); if the host you're connecting to has had OpenSSH reinstalled (due to format, etc.), the fingerprint will probably change, no longer match, and fail to connect. You would need to edit the 'known_hosts' file and remove the old entry(This will allow the controller to SSH into the AP without a password)
To do this, you would take the key that was created in ssh-keygen and place it into this small script that you can copy and paste after you ssh into the AP.Example:
Please note, we typically don't suggest access to the ap shell unless it's for debugging reasons. When gaining access to the shell we specifically note at the login prompt: "AP3805e 09.21.04.0007 interactive shell for service personnel only"Scripts accessing the shell or any modifications to an ap via shell would not be supported if any issues arise.