hans_peter_bpw9qivqccpsp's profile

3 Messages


100 Points

Fri, Jan 24, 2020 4:33 PM

ICX 7150 - Use own SSH-key


I want to use my own ssh key.I uploaded my own rsa key with 2048 bits with tftp.

    ip ssh pub-key-file tftp key_rsa2048.pub

and show up client-pub-key returns

ssh-rsa ....

And my verbose ssh debug messages:

debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA ...
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp ...
debug3: sign_and_send_pubkey: RSA ...
Enter passphrase for key ....:
debug3: send packet: type 50
debug3: receive packet: type 51
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 60
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
debug3: send packet: type 61

Also after the failed use of the ssh key the normal authentication with password doesn't work too. But without the ssh key the password authentication works .I don't understand this behaviour.

I use the 08.0.70cT211 version. Sorry for the bad layout. I tried to improve it but doesn't work.

Update 1: I upgrade to the version 08.0.90dT221. But it doesn't help.

Update 2: I run ip ssh key-authentication yes. It would be helpful to add this to the documentation.

But I have still the problem that it asks after my password.



22 Messages


538 Points

2 y ago

Hi Paul - I think when we generate the key, it has 'ssh-rsa' at the beginning of the file. Please remove it and save the rest to another file. Make make sure it saves with the format below. Also test without ' ip ssh key-authentication yes'. Please let me know if it works for you.  Thanks. Vu

//Generate rsa key on ssh client
//Copy, Save, and upload the public key to TFTP server.
//need to take the output of the 'id_rsa.pub' and save it into a text file.

administrator@ubuntu:~/.ssh$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDKDICDTivJ8o0kLxP6wQ+ESdeUUvQtMkb3Lw1wOxhFxpDQ4g1JYSoLip6udPlBdp3rhdCy+51DZM0zbZZTwOzImzy8GIhjLZFCdLGxwE4vzWBb1lKYBSeAV1gvTqHqXxSmflK8Ox4iUGbwj0AFQtGAMK35U+GteY0EJQxOiQCyCRRxCATBx4XdPIY77LRm1qQm35oc+AO2uIcbhDgUBfY4jVW7Kfs9AKc5jcH3tDKIUz0l2t/BwRXE5Ar6E740Ftng8iP3xaT+20hOPRzWPJBlwmD/aKB3CcO4dV9kd2kSW8DSs6FxpuVI/sLIFvInvwOGkOfUNoqY5ZYXMoMCVWF administrator@ubuntu

//it need to be in this format:


3 Messages


100 Points

2 y ago

Thanks for your answer. It helped!

I fixed it with the command ssh-keygen -e -f id_rsa.pub > pkeys.txt. I gues you use the RFC 4716 standard. So I could also use comments. Please add this to the documentation.

3 Messages


96 Points

2 m ago

How do you select which user on the ICX is associated with this key?

Or does adding the key itself create a new user?

Important Announcement