clogin automated login with key-based ssh authentication
As I understand it, there are two ways one can log in to the ssh server:

1. using the private key/public key system, where the public key is stored on the remote device and the private key is located on the local host and protected with a password
2. without a public key stored on the remote device, in which case the user has to send the password to the remote device in order to log in

Please correct me if I'm wrong. However, I installed rancid (which includes clogin) and configured it accordingly:

Code:
1) PC:~ # printf 'add password * PASSWORD PASSWORD\nadd method * {ssh} {telnet:23} {rsh}\n' > /root/.cloginrc
2) PC:~ # for ((i=1;i<=24;i+=1)); do printf 'configure terminal\ninterface Fa0/%s\nno description\nend\n' "$i"; done > /tmp/conf
3) PC:~ # ./clogin -autoenable -x /tmp/conf 192.168.1.1

And after the installation I can easily make automated telnet login scripts :)

However, I have an issue with ssh. I am trying to set up automatic ssh login to a Cisco router using clogin. However, clogin stops at the "Enter passphrase for key '/root/.ssh/id_rsa':" line. The odd part is that if I type anything, the letters are seen (they shouldn't be while typing an ssh password). I can cancel this "login" with Ctrl+C. It looks like ssh is attempting to use key-based authentication, and that root's private key is protected with a password.

Is it somehow possible to enable automatic ssh login using clogin while at the same time keeping the key-based ssh authentication?
2 options:

1. Don't password-protect the auth key (usual option).
2. Use ssh-agent; basically fire up a session once as a real person, supply the key, then ssh-agent will remember it and supply it to further ssh requests within the same session.
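As an added example (not part of the thread and not rancid's own code), a preflight check for the ssh-agent option: it makes an unattended clogin run fail fast instead of stopping at the "Enter passphrase for key" prompt. The function names, the `SSH_ADD_BIN` override, the return codes 3 and 4, and the owner-only permission policy on `.cloginrc` are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: preflight checks before an unattended clogin run over ssh.
# Hypothetical helper names; SSH_ADD_BIN lets another ssh-add binary be substituted.
SSH_ADD_BIN=${SSH_ADD_BIN:-ssh-add}

# Translate the exit status of `ssh-add -l` into a state word:
#   0 -> agent reachable and holding at least one key
#   1 -> agent reachable but holding no identities
#   other -> no agent reachable (SSH_AUTH_SOCK unset or stale)
agent_state() {
    st=0
    "$SSH_ADD_BIN" -l >/dev/null 2>&1 || st=$?
    case $st in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# .cloginrc stores device passwords in clear text. Policy of this example:
# succeed only if the file exists and group/other have no permission bits.
cloginrc_private() {
    f=$1
    [ -f "$f" ] || return 1
    perms=$(ls -ld "$f" | cut -c5-10)   # group and other bits of the mode string
    [ "$perms" = "------" ]
}

# Return 0 only when it is safe to start clogin non-interactively.
preflight() {
    cfg=${1:-$HOME/.cloginrc}
    if ! cloginrc_private "$cfg"; then
        echo "refusing: $cfg missing or accessible to group/other (chmod 600)" >&2
        return 3
    fi
    state=$(agent_state)
    if [ "$state" != loaded ]; then
        echo "refusing: ssh-agent is $state; run ssh-add in this session first" >&2
        return 4
    fi
    return 0
}

# Usage: preflight && ./clogin -autoenable -c "show version" 192.168.1.1
```

The check has to run in the same session that holds the agent (the one exporting `SSH_AUTH_SOCK`); a cron job or fresh login will report `unreachable`.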
(2) Thanks for this ssh-agent suggestion! I had never heard of it. I added my private key to the ssh-agent (using ssh-add; checked with ssh-add -l) and then tried to log in to my Cisco device like this:

Code:
ssh 192.168.1.1

Code:
./clogin -autoenable -c "show version" 192.168.1.1

Code:
Cisco1841#

//or maybe it has something to do with the fact that now I need no password to log in, but there are still passwords in my .cloginrc file? However, as far as I know, this file and the "add password * PASSWORD PASSWORD" line are mandatory
Can't help you with Cisco/clogin I'm afraid. Glad to know at least we eliminated the client end from the problem :)