english:ssh_key_aos_r6

Differences

This shows the differences between two versions.

english:ssh_key_aos_r6 [2014/06/19 15:30] (current)
created by benny
Line 1: Line 1:
 +====== Login to OmniSwitch AOS R6 via SSH private/public key ======
 +
 +Before you can login to an Alcatel-Lucent OmniSwitch running AOS Release 6 via "SSH private/public-key", you'll firstly need a key.
 +
 +**Create private/public-key for AOS R6 login:**
 +<code>
 +Benny$ ssh-keygen -t dsa -C sshuser
 +Generating public/private dsa key pair.
 +Enter file in which to save the key (/Users/Benny/.ssh/id_dsa): sshuser
 +Enter passphrase (empty for no passphrase): 
 +Enter same passphrase again: 
 +Your identification has been saved in sshuser.
 +Your public key has been saved in sshuser.pub.
 +The key fingerprint is:
 +ae:7f:0f:a9:f6:e4:70:93:9e:95:59:96:d5:56:01:01 sshuser
 +The key's randomart image is:
 ++--[ DSA 1024]----+
 +|           E.oo.o|
 +|                o|
 +|                +|
 +|               + |
 +|        S      |
 +|         o =   |
 +|        o B +    |
 +|       ..B.=     |
 +|      .ooo=..    |
 ++-----------------+
 +Benny$ ls
 +sshuser.pub
 +sshuser
 +</code>
 +
 +<WRAP center round tip 60%>
 +You should protect your private key with a strong passphrase and __never__ upload it to a switch/remote system.
 +</WRAP>
 +
 +
 +**For a successful authentication you need to create a user on the OmniSwitch:**
 +<code>
 +OmniSwitch-> user sshuser read-write all password verysecret123
 +OmniSwitch-> show user
 +...
 +User name = sshuser,
 +  Password expiration     = None,
 +  Password allow to be modified date     = None,
 +  Account lockout     = None,
 +  Password bad attempts     = 0,
 +  Read Only for domains   = None,
 +  Read/Write for domains  = All ,
 +  Snmp allowed     = NO,
 +  Console-Only    = Disabled
 +</code>
 +<WRAP center round tip 60%>
 +**Trap:**
 +The OmniSwitch will look for a file called "sshuser**_dsa**.pub" in directory ///flash/network/pub//! If you don't follow this requirement, you'll encounter the following error message.
 +</WRAP>
 +
 +<code>
 +Benny$ ssh -i sshuser sshuser@192.168.2.106
 +Received disconnect from 192.168.2.106: 2: Only Public Key authentication is allowed.
 +</code>
 +
 +**Analysis:**
 +<code>
 +SUN DEC 31 01:59:31 2000            SSH  debug1 [SSH 16] userauth-request for user sshuser service ssh-connection method publick
 +SUN DEC 31 01:59:31 2000            SSH  debug1 [Count.]ey
 +SUN DEC 31 01:59:31 2000            SSH  debug1 [SSH 16] attempt 1 failures 1
 +SUN DEC 31 01:59:31 2000            SSH  debug1 [SSH 16] authmethod_lookup, (0) name: publickey
 +SUN DEC 31 01:59:31 2000            SSH  debug1 [SSH 16] authmethod_lookup,   auth method: none, len: 4
 +SUN DEC 31 01:59:31 2000            SSH  debug1 [SSH 16] authmethod_lookup, (1) name: publickey
 +SUN DEC 31 01:59:31 2000            SSH  debug1 [SSH 16] authmethod_lookup,   auth method: publickey, len: 9
 +SUN DEC 31 01:59:31 2000            SSH  debug2 [SSH 16] input_userauth_request: try method publickey
 +SUN DEC 31 01:59:31 2000            SSH  debug2 [SSH 16] userauth_pubkey(): user=sshuser
 +SUN DEC 31 01:59:31 2000            SSH  debug1 [SSH 16] test whether pkalg/pkblob are acceptable
 +SUN DEC 31 01:59:31 2000            SSH  debug1 [SSH 16] user_key_allowed: PubKey file = "/flash/network/pub/sshuser_dsa.pub"
 +SUN DEC 31 01:59:31 2000            SSH  debug1 [SSH 16] user_key_allowed: can not find file "/flash/network/pub/sshuser_dsa.pub
 +</code>
 +
 +**Upload the SSH public-key via FTP (ASCII):**
 +<code>
 +Benny$ ftp 192.168.2.106
 +Connected to 192.168.2.106.
 +220 FTP server ready
 +Name (192.168.2.106:Benny): admin
 +331 Password required
 +Password: 
 +230-
 +  
 +Welcome to the Alcatel-Lucent OmniSwitch 6450
 +Software Version 6.6.3.451.R01 Service Release, December 20, 2012. 
 +
 +Copyright(c), 1994-2012 Alcatel-Lucent. All Rights reserved.
 +
 +OmniSwitch(TM) is a trademark of Alcatel-Lucent registered
 +in the United States Patent and Trademark Office.
 +  
 +230 
 +ftp> cd ..
 +250 Changed directory to "/flash"
 +ftp> cd network/pub
 +250 Changed directory to "/flash/network/pub"
 +ftp> put sshuser.pub sshuser_dsa.pub
 +local: sshuser.pub remote: sshuser_dsa.pub
 +229 Entering Extended Passive Mode (|||1125|)
 +150 Opening ASCII mode data connection
 +100% |**************************************************************************************|   598        6.00 MiB/s    --:-- ETA
 +226 Transfer complete
 +598 bytes sent in 00:00 (51.42 KiB/s)
 +ftp> bye
 +221 Bye...see you later
 +</code>
 +
 +**In the following example we specify the identity to be used with -i. The username (that needs to exist on the OmniSwitch) is specified in front of the @ sign:**
 +<code>
 +Benny$ ssh -i sshuser sshuser@192.168.2.106
 +  
 +Welcome to the Alcatel-Lucent OmniSwitch 6450
 +Software Version 6.6.3.451.R01 Service Release, December 20, 2012. 
 +
 +Copyright(c), 1994-2012 Alcatel-Lucent. All Rights reserved.
 +
 +OmniSwitch(TM) is a trademark of Alcatel-Lucent registered
 +in the United States Patent and Trademark Office.
 +  
 +OmniSwitch-> 
 +</code>
 +
 +<WRAP center round tip 60%>
 +If there is a public-key for a user on the OmniSwitch, this takes priority over RADIUS authentication. As a consequence the user "sshuser" will always be authenticated locally against the key.
 +</WRAP>
  
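Review bot: the FTP upload block (`ftp 192.168.2.106`, `Name (192.168.2.106:Benny): admin`) logs in as admin over plain FTP, so the admin password crosses the network unencrypted just to place a public key; add a sentence saying so and name an encrypted transfer method if the switch offers one. The Analysis log is wrapped mid-word (`method publick` followed by `[Count.]ey`) and its last line lacks the closing quote after `sshuser_dsa.pub`, which reads like a paste artifact and should be cleaned up. The closing tip states that a stored public key takes priority over RADIUS; it would help to add that the key file in /flash/network/pub has to be deleted to revoke that user's access, since per that tip the user is always authenticated locally against the key.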
english/ssh_key_aos_r6.txt · Last modified: 2014/06/19 15:30 by benny