https://community.ruckuswireless.com/t5/ICX-Switches/SSH-config-for-Ansible-use/m-p/97872#M6937 <P>I am in the process of building an Ansible server for the first time.&nbsp; I've typically used Putty to connect to my ICX switches running 08.0.95g.&nbsp; SSH just kinda worked with Putty without any configuration.&nbsp; Now I'm using OpenSSH client on an Ubuntu 22.04.&nbsp; I read that there is no longer support for dsa authentication with the new OpenSSH client in Ubuntu, so I setup rsa on the switch.&nbsp; Here's what I've done so far:<BR /><BR /></P><OL><LI>Enabling ssh on switch - "crypto key generate rsa"</LI><LI>Create keys on Ansible Host - "ssh-keygen -t ed25519 -C "Ansible""</LI><LI>Add required header and footer to id_ed25519.pub file (Required by switch due to newer version of OpenSSH on Ansible host - ssh-keygen doesn't put them there anymore)</LI><LI>Transfer the public key on the Ansible host to tftp server&nbsp;</LI><LI>Transfer the Ansible host public key to switch from tftp server - "ip ssh pub-key-file tftp x.x.x.x id_ed25519.pub"</LI><LI>run "show ip client-pub-key" on the switch to verify the Ansible host pub key is setup</LI><LI>From Ansible host, ssh to switch, accept the key transfer, and verify login is accepted&nbsp;</LI></OL><P>At this point I'm prompted for a password instead of just being given a command prompt.&nbsp; I'm not sure what I'm doing wrong, but I've never configured this before so most likely I'm the problem.&nbsp; Here is my switch's ssh config:</P><P>#sh ip ssh config<BR />SSH server : Enabled<BR />SSH port : tcp\22<BR />Host Key : DSA 1024, RSA 1024<BR />Encryption : aes256-cbc, aes192-cbc, aes128-cbc, aes256-ctr, aes192-ctr, aes128-ctr, 3des-cbc<BR />Permit empty password : No<BR />Authentication methods : Password, Public-key, Interactive<BR />Authentication retries : 3<BR />Login timeout (seconds) : 120<BR />Idle timeout (minutes) : 5<BR />SCP : Enabled<BR />SSH IPv4 clients : All<BR />SSH IPv6 clients : All<BR />SSH IPv4 access-group :<BR />SSH IPv6 access-group :<BR />SSH Client Keys :<BR />Client Rekey : 0 Minute, 0 KB<BR />Server Rekey : 0 Minute, 0 KB</P> Thu, 26 Sep 2024 15:43:28 GMT ericbord 2024-09-26T15:43:28Z https://community.ruckuswireless.com/t5/ICX-Switches/SSH-config-for-Ansible-use/m-p/97872#M6937 <P>I am in the process of building an Ansible server for the first time.&nbsp; I've typically used Putty to connect to my ICX switches running 08.0.95g.&nbsp; SSH just kinda worked with Putty without any configuration.&nbsp; Now I'm using OpenSSH client on an Ubuntu 22.04.&nbsp; I read that there is no longer support for dsa authentication with the new OpenSSH client in Ubuntu, so I setup rsa on the switch.&nbsp; Here's what I've done so far:<BR /><BR /></P><OL><LI>Enabling ssh on switch - "crypto key generate rsa"</LI><LI>Create keys on Ansible Host - "ssh-keygen -t ed25519 -C "Ansible""</LI><LI>Add required header and footer to id_ed25519.pub file (Required by switch due to newer version of OpenSSH on Ansible host - ssh-keygen doesn't put them there anymore)</LI><LI>Transfer the public key on the Ansible host to tftp server&nbsp;</LI><LI>Transfer the Ansible host public key to switch from tftp server - "ip ssh pub-key-file tftp x.x.x.x id_ed25519.pub"</LI><LI>run "show ip client-pub-key" on the switch to verify the Ansible host pub key is setup</LI><LI>From Ansible host, ssh to switch, accept the key transfer, and verify login is accepted&nbsp;</LI></OL><P>At this point I'm prompted for a password instead of just being given a command prompt.&nbsp; I'm not sure what I'm doing wrong, but I've never configured this before so most likely I'm the problem.&nbsp; Here is my switch's ssh config:</P><P>#sh ip ssh config<BR />SSH server : Enabled<BR />SSH port : tcp\22<BR />Host Key : DSA 1024, RSA 1024<BR />Encryption : aes256-cbc, aes192-cbc, aes128-cbc, aes256-ctr, aes192-ctr, aes128-ctr, 3des-cbc<BR />Permit empty password : No<BR />Authentication methods : Password, Public-key, Interactive<BR />Authentication retries : 3<BR />Login timeout (seconds) : 120<BR />Idle timeout (minutes) : 5<BR />SCP : Enabled<BR />SSH IPv4 clients : All<BR />SSH IPv6 clients : All<BR />SSH IPv4 access-group :<BR />SSH IPv6 access-group :<BR />SSH Client Keys :<BR />Client Rekey : 0 Minute, 0 KB<BR />Server Rekey : 0 Minute, 0 KB</P> Thu, 26 Sep 2024 15:43:28 GMT https://community.ruckuswireless.com/t5/ICX-Switches/SSH-config-for-Ansible-use/m-p/97872#M6937 ericbord 2024-09-26T15:43:28Z https://community.ruckuswireless.com/t5/ICX-Switches/SSH-config-for-Ansible-use/m-p/98068#M6950 <P>Hello Eric<BR /><BR />The SSH configuration looks correct on our side. However, since you need to make changes to a third-party device, we can't provide more information about their configuration.</P> <P>Please contact the vendor for assistance with their setup. If you need help with anything Ruckus-related, let us know.</P> <DIV>Kind regards,</DIV> <DIV>Sofia Gätjens</DIV> <DIV>Technical Support Engineer | L2 TAC Wired</DIV> <DIV><U>&nbsp;</U></DIV> <DIV><U>COMMSCOPE</U></DIV> <DIV>now meets next</DIV> <P><BR /><BR /></P> Tue, 01 Oct 2024 17:54:11 GMT https://community.ruckuswireless.com/t5/ICX-Switches/SSH-config-for-Ansible-use/m-p/98068#M6950 Sgatjens 2024-10-01T17:54:11Z