cancel
Showing results for 
Search instead for 
Did you mean: 

ICX 7150 - Use own SSH-key

hans_peter_bpw9
New Contributor II
Hello,

I want to use my own ssh key.I uploaded my own rsa key with 2048 bits with tftp.


    ip ssh pub-key-file tftp key_rsa2048.pub

and show up client-pub-key returns

---- BEGIN SSH2 PUBLIC KEY ----
ssh-rsa ....
---- END SSH2 PUBLIC KEY ----

And my verbose ssh debug messages:


debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA ...
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp ...
debug3: sign_and_send_pubkey: RSA ...
Enter passphrase for key ....:
debug3: send packet: type 50
debug3: receive packet: type 51
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 60
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: send packet: type 61

Also after the failed use of the ssh key the normal authentication with password doesn't work too. But without the ssh key the password authentication works .I don't understand this behaviour.

I use the 08.0.70cT211 version. Sorry for the bad layout. I tried to improve it but doesn't work.

Update 1: I upgrade to the version 08.0.90dT221. But it doesn't help.

Update 2: I run ip ssh key-authentication yes. It would be helpful to add this to the documentation.

But I have still the problem that it asks after my password.



3 REPLIES 3

vu_pham_ghtztqm
New Contributor III
Hi Paul - I think when we generate the key, it has 'ssh-rsa' at the beginning of the file. Please remove it and save the rest to another file. Make make sure it saves with the format below. Also test without ' ip ssh key-authentication yes'. Please let me know if it works for you.  Thanks. Vu



//Generate rsa key on ssh client
//Copy, Save, and upload the public key to TFTP server.
//need to take the output of the 'id_rsa.pub' and save it into a text file.

administrator@ubuntu:~/.ssh$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDKDICDTivJ8o0kLxP6wQ+ESdeUUvQtMkb3Lw1wOxhFxpDQ4g1JYSoLip6udPlBdp3rhdCy+51DZM0zbZZTwOzImzy8GIhjLZFCdLGxwE4vzWBb1lKYBSeAV1gvTqHqXxSmflK8Ox4iUGbwj0AFQtGAMK35U+GteY0EJQxOiQCyCRRxCATBx4XdPIY77LRm1qQm35oc+AO2uIcbhDgUBfY4jVW7Kfs9AKc5jcH3tDKIUz0l2t/BwRXE5Ar6E740Ftng8iP3xaT+20hOPRzWPJBlwmD/aKB3CcO4dV9kd2kSW8DSs6FxpuVI/sLIFvInvwOGkOfUNoqY5ZYXMoMCVWF administrator@ubuntu

//it need to be in this format:

---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAABAQDDKDICDTivJ8o0kLxP6wQ+ESdeUUvQtMkb3Lw1wOxhFxpDQ4g1JYSoLip6udPlBdp3rhdCy+51DZM0zbZZTwOzImzy8GIhjLZFCdLGxwE4vzWBb1lKYBSeAV1gvTqHqXxSmflK8Ox4iUGbwj0AFQtGAMK35U+GteY0EJQxOiQCyCRRxCATBx4XdPIY77LRm1qQm35oc+AO2uIcbhDgUBfY4jVW7Kfs9AKc5jcH3tDKIUz0l2t/BwRXE5Ar6E740Ftng8iP3xaT+20hOPRzWPJBlwmD/aKB3CcO4dV9kd2kSW8DSs6FxpuVI/sLIFvInvwOGkOfUNoqY5ZYXMoMCVWF
---- END SSH2 PUBLIC KEY ----

hans_peter_bpw9
New Contributor II
Thanks for your answer. It helped!


I fixed it with the command ssh-keygen -e -f id_rsa.pub > pkeys.txt. I gues you use the RFC 4716 standard. So I could also use comments. Please add this to the documentation.

unreal_servers
New Contributor II

How do you select which user on the ICX is associated with this key?

Or does adding the key itself create a new user?