clogin automated login with key-based ssh authentication
 

As I understand there are two ways how one can log into the ssh server:
1. using the private key/public key system, where public key is stored in the remote device and private key is located in the local host and protected with a password
2. without public key stored in the remote device and then user has to send the password to the remote device in order to log in

Please correct me if I'm wrong. However I installed rancid(which includes clogin) and configured it accordingly:

1) PC:~ # printf 'add password * PASSWORD PASSWORD\nadd method * {ssh} {telnet:23} {rsh}\n' > /root/.cloginrc
2) PC:~# for ((i=1;i<=24;i+=1)); do printf 'configure terminal\ninterface Fa0/$i\nno description\nend\n"; done > /tmp/conf'
3) PC:~ # ./clogin -autoenable -x /tmp/conf 192.168.1.1

And after the installation I can easily make automated telnet login scripts :) However, I have an issue with ssh. I am trying to set up automatic ssh login to a Cisco router using clogin. However, clogin stops at the "Enter passphrase for key '/root/.ssh/id_rsa':" line. Odd part is that if I type anything the letters are seen(they shouldn't while typing in ssh password). I can cancel this "login" with Ctrl+C. Looks like ssh is attempting to use key-based authentication, and that root's private ky is protected with a password. Is it somehow possible to enable automatic ssh login using clogin while at the same time keep the key-based ssh authentication? :rolleyes:

2 options:

1. don't passwd protect the auth key (usual option).
2. use ssh-agent; basically fire up a session once as real person, supply the key, then ssh-agent will remember it and supply it to further ssh requests within same session.

(1) Thanks! However, in order not to use password protected authentication key, I need to generate a new private/public key couple with empty passphrase(man ssh-keygen: The passphrase may be empty to indicate no passphrase) and put the new public key to the Cisco device?

(2) Thanks for this ssh-agent suggestion! I had never heard of it. I added my private key to the ssh-agent(using ssh-add; checked with ssh-add -l) and then tried to log in to my Cisco device like this:

It didn't ask for a passphrase for my ssh private key! Thats great :) However, if I try the fallowing:

it logs into the router just fine, but isn't able to execute this command. It just waits on the Cisco command prompt:
...and if I type manually "show version" and push ENTER, it just waits until Error: TIMEOUT reached. Any ideas, what might be wrong here? :rolleyes:


//or maybe it has something to do with the fact, that now I need no password to log in, but there are still passwords in my .cloginrc file? However, as much as I know, this file and "add password * PASSWORD PASSWORD" line are mandatory :rolleyes:

Can't help you with Cisco/clogin I'm afraid. Glad to know at least we eliminated the client end from the problem :)

ok, but thanks anyway! :) If any other has some ideas/suggestions, those are most welcome!