ICX 7150 - Use own SSH-key

  • 1
  • Question
  • Updated 7 months ago
  • Acknowledged
  • (Edited)
Hello,

I want to use my own ssh key.I uploaded my own rsa key with 2048 bits with tftp.


    ip ssh pub-key-file tftp <ip_address> key_rsa2048.pub

and show up client-pub-key returns

---- BEGIN SSH2 PUBLIC KEY ----
ssh-rsa ....
---- END SSH2 PUBLIC KEY ----

And my verbose ssh debug messages:


debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA ...
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp ...
debug3: sign_and_send_pubkey: RSA ...
Enter passphrase for key ....:
debug3: send packet: type 50
debug3: receive packet: type 51
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 60
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: send packet: type 61

Also after the failed use of the ssh key the normal authentication with password doesn't work too. But without the ssh key the password authentication works .I don't understand this behaviour.

I use the 08.0.70cT211 version. Sorry for the bad layout. I tried to improve it but doesn't work.

Update 1: I upgrade to the version 08.0.90dT221. But it doesn't help.

Update 2: I run ip ssh key-authentication yes. It would be helpful to add this to the documentation.

But I have still the problem that it asks after my password.



Photo of Paul

Paul

  • 2 Posts
  • 1 Reply Like

Posted 8 months ago

  • 1
Photo of Vu Pham

Vu Pham, Employee

  • 15 Posts
  • 12 Reply Likes
Hi Paul - I think when we generate the key, it has 'ssh-rsa' at the beginning of the file. Please remove it and save the rest to another file. Make make sure it saves with the format below. Also test without ' ip ssh key-authentication yes'. Please let me know if it works for you.  Thanks. Vu



//Generate rsa key on ssh client
//Copy, Save, and upload the public key to TFTP server.
//need to take the output of the 'id_rsa.pub' and save it into a text file.

[email protected]:~/.ssh$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDKDICDTivJ8o0kLxP6wQ+ESdeUUvQtMkb3Lw1wOxhFxpDQ4g1JYSoLip6udPlBdp3rhdCy+51DZM0zbZZTwOzImzy8GIhjLZFCdLGxwE4vzWBb1lKYBSeAV1gvTqHqXxSmflK8Ox4iUGbwj0AFQtGAMK35U+GteY0EJQxOiQCyCRRxCATBx4XdPIY77LRm1qQm35oc+AO2uIcbhDgUBfY4jVW7Kfs9AKc5jcH3tDKIUz0l2t/BwRXE5Ar6E740Ftng8iP3xaT+20hOPRzWPJBlwmD/aKB3CcO4dV9kd2kSW8DSs6FxpuVI/sLIFvInvwOGkOfUNoqY5ZYXMoMCVWF [email protected]

//it need to be in this format:

---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAABAQDDKDICDTivJ8o0kLxP6wQ+ESdeUUvQtMkb3Lw1wOxhFxpDQ4g1JYSoLip6udPlBdp3rhdCy+51DZM0zbZZTwOzImzy8GIhjLZFCdLGxwE4vzWBb1lKYBSeAV1gvTqHqXxSmflK8Ox4iUGbwj0AFQtGAMK35U+GteY0EJQxOiQCyCRRxCATBx4XdPIY77LRm1qQm35oc+AO2uIcbhDgUBfY4jVW7Kfs9AKc5jcH3tDKIUz0l2t/BwRXE5Ar6E740Ftng8iP3xaT+20hOPRzWPJBlwmD/aKB3CcO4dV9kd2kSW8DSs6FxpuVI/sLIFvInvwOGkOfUNoqY5ZYXMoMCVWF
---- END SSH2 PUBLIC KEY ----
Photo of Paul

Paul

  • 2 Posts
  • 1 Reply Like
Thanks for your answer. It helped!


I fixed it with the command ssh-keygen -e -f id_rsa.pub > pkeys.txt. I gues you use the RFC 4716 standard. So I could also use comments. Please add this to the documentation.
(Edited)