LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
Search this Thread
Old 01-21-2010, 10:42 AM   #1
m4rtin
Member
 
Registered: Sep 2007
Posts: 261

Rep: Reputation: 16
clogin automated login with key-based ssh authentication


As I understand there are two ways how one can log into the ssh server:
1. using the private key/public key system, where public key is stored in the remote device and private key is located in the local host and protected with a password
2. without public key stored in the remote device and then user has to send the password to the remote device in order to log in

Please correct me if I'm wrong. However I installed rancid(which includes clogin) and configured it accordingly:

1) PC:~ # printf 'add password * PASSWORD PASSWORD\nadd method * {ssh} {telnet:23} {rsh}\n' > /root/.cloginrc
2) PC:~# for ((i=1;i<=24;i+=1)); do printf 'configure terminal\ninterface Fa0/$i\nno description\nend\n"; done > /tmp/conf'
3) PC:~ # ./clogin -autoenable -x /tmp/conf 192.168.1.1

And after the installation I can easily make automated telnet login scripts However, I have an issue with ssh. I am trying to set up automatic ssh login to a Cisco router using clogin. However, clogin stops at the "Enter passphrase for key '/root/.ssh/id_rsa':" line. Odd part is that if I type anything the letters are seen(they shouldn't while typing in ssh password). I can cancel this "login" with Ctrl+C. Looks like ssh is attempting to use key-based authentication, and that root's private ky is protected with a password. Is it somehow possible to enable automatic ssh login using clogin while at the same time keep the key-based ssh authentication?
 
Old 01-22-2010, 01:32 AM   #2
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,287

Rep: Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034
2 options:

1. don't passwd protect the auth key (usual option).
2. use ssh-agent; basically fire up a session once as real person, supply the key, then ssh-agent will remember it and supply it to further ssh requests within same session.
 
Old 01-22-2010, 04:12 AM   #3
m4rtin
Member
 
Registered: Sep 2007
Posts: 261

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by chrism01 View Post
2 options:

1. don't passwd protect the auth key (usual option).
2. use ssh-agent; basically fire up a session once as real person, supply the key, then ssh-agent will remember it and supply it to further ssh requests within same session.
(1) Thanks! However, in order not to use password protected authentication key, I need to generate a new private/public key couple with empty passphrase(man ssh-keygen: The passphrase may be empty to indicate no passphrase) and put the new public key to the Cisco device?

(2) Thanks for this ssh-agent suggestion! I had never heard of it. I added my private key to the ssh-agent(using ssh-add; checked with ssh-add -l) and then tried to log in to my Cisco device like this:

Code:
ssh 192.168.1.1
It didn't ask for a passphrase for my ssh private key! Thats great However, if I try the fallowing:

Code:
./clogin -autoenable -c "show version" 192.168.1.1
it logs into the router just fine, but isn't able to execute this command. It just waits on the Cisco command prompt:
Code:
Cisco1841#
...and if I type manually "show version" and push ENTER, it just waits until Error: TIMEOUT reached. Any ideas, what might be wrong here?


//or maybe it has something to do with the fact, that now I need no password to log in, but there are still passwords in my .cloginrc file? However, as much as I know, this file and "add password * PASSWORD PASSWORD" line are mandatory

Last edited by m4rtin; 01-22-2010 at 10:35 AM.
 
Old 01-24-2010, 11:23 PM   #4
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,287

Rep: Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034
Can't help you with Cisco/clogin I'm afraid. Glad to know at least we eliminated the client end from the problem
 
Old 01-25-2010, 12:06 PM   #5
m4rtin
Member
 
Registered: Sep 2007
Posts: 261

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by chrism01 View Post
Can't help you with Cisco/clogin I'm afraid. Glad to know at least we eliminated the client end from the problem
ok, but thanks anyway! If any other has some ideas/suggestions, those are most welcome!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
problem with ssh key-based authentication kaplan71 Linux - Security 5 12-09-2009 10:34 AM
SSH: Automated Login via public key not working kregec05 Linux - Server 11 08-19-2009 02:49 AM
Key based authentication only for root for SSH the_gripmaster Linux - Security 4 04-18-2009 05:43 PM
how to set key based authentication in putty to login to remote redhat systems. anil.beni Linux - Newbie 1 11-28-2008 04:24 AM
SSH login attempts - how to get rid of the automated malware? alexberk Linux - Security 1 05-24-2005 04:57 AM


All times are GMT -5. The time now is 11:50 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration