Application Integration
cancel
Showing results for 
Search instead for 
Did you mean: 

How to setup Nimble OS to use SSH Authentication using an RSA Key

rfenton4
Honored Contributor

How to setup Nimble OS to use SSH Authentication using an RSA Key

Scripting but don't wish to supply a password ?

Here's how you can set it up securely

You can create a SSH key with Nimble OS which will allow you to pass commands without passing the password and instead ssh will pass the key for authentication (which is essential for scripting!).  Here's how you set it up....

First on your client/pc/laptop, generate your key (I'm running on OSX so here's the command):

Start a terminal session

ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/Users/Rich/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /Users/Rich/.ssh/id_rsa.

Your public key has been saved in /Users/Rich/.ssh/id_rsa.pub.

The key fingerprint is:

XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX Rich@Richs-MacBook-Pro.local

Next view the id_rsa.pub file;

cat /Users/Rich/.ssh/id_rsa.pub

(and copy and paste the key contents to your clipboard)

Now login to your Nimble controller via CLI and run:

sshkey --add richkey --type rsa --key <the key you copied from the previous step>

(you can view installed keys using sshkey --list)

sshkey --list

-------------------+--------------------

Name                Type

-------------------+--------------------

richkey              rsa 

and now try and run your command from your client (all being well it should run without prompting for a password):


ssh -l admin 192.168.1.200 version

1.4.6.0-39995-opt

Now to free to start the scripting....

5 REPLIES
rfenton4
Honored Contributor

Re: How to setup Nimble OS to use SSH Authentication using an RSA Key

Here's a link to perform keygen on a Windows client:

Windows SSH Key Generation

ipro-bgardner5
Occasional Visitor

Re: How to setup Nimble OS to use SSH Authentication using an RSA Key

Thanks for this write up.

I had some trouble with this initally.

When I cat my id_rsa.pub file, it looks like this:

    ssh-rsa <a bunch of encrypted text> <username>@<my workstation hostname>

If I use all of this in the sshkey --add command, passwordless login does not work.

If I make the sshkey command look like this it works:

    sshkey --add <key name> --type rsa --key "<a bunch of encrypted text> <username>@<my workstation hostname>"

Note the lack of the leading "ssh-rsa" in the key text.

glporter82
Occasional Visitor

Re: How to setup Nimble OS to use SSH Authentication using an RSA Key

Note also that you have to do this as the target user, you can not do this for someone else (manage another's keys).

Only users with the role of Administrator can do this, can manage their own keys.  So you must be logged in as the user who needs the keys, and you must have the role Administrator.

ccolht99
Advisor

Re: How to setup Nimble OS to use SSH Authentication using an RSA Key

Figured out you only need to be an administrator to setup the key. Once it is there the role can be reduced. I'm using this to pull stats as a guest.

jhoo26
Occasional Visitor

Re: How to setup Nimble OS to use SSH Authentication using an RSA Key

Note: DSA Keys are not supported in Nimble OS 2.3.8.0 and later releases. Although the key type of DSA may be an available option, it will not work in later releases.  Always use RSA key type as referenced in the above discussion.


Starting with Nimble OS 2.3.8.0, openSSH version 7.1 and later is used.


DSA keys are no longer considered secure and are disabled by openSSH versions 7.0 and later.

https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html