Generating RSA keys on client device (e.g. Ubuntu 16.04 LTS):
ssh-keygen -t rsa
This stores the key pair under the $HOME directory (in ~/.ssh by default). A prompt for a passphrase will then appear, but we will leave it empty. Two files are generated: id_rsa.pub is the public key (which can be shared publicly) and id_rsa is the private key (which must be kept secret).
Copying public SSH key from client to router (server):
scp ~/.ssh/id_rsa.pub username@router.current.ip.address:/home/username/.ssh
For example, if the username is edgemax and the router IP address is 192.168.1.1, the command would be:
scp ~/.ssh/id_rsa.pub edgemax@192.168.1.1:/home/edgemax/.ssh
Alternatively, we can use ssh-copy-id to copy the key to ~/.ssh/authorized_keys:
sudo ssh-copy-id -i .ssh/nvy_rsa.pub navoyjw@192.168.0.1
Set the ownership to your username if the files are not already owned by you (check the ownership with "ls -la /home/username/"), so that you do not need to access the files as the root user [a prime security concern among GNU/Linux administrators and users]:
chown -R edgemax /home/edgemax
Setting the permissions of the folders in the $HOME directory:
chmod 755 /home/edgemax   # alternatively: chmod go-w /home/edgemax
chmod 700 /home/edgemax/.ssh
chmod 600 /home/edgemax/.ssh/authorized_keys
chown edgemax: /home/edgemax/.ssh/authorized_keys
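The following check confirms the ownership and modes that the chown and chmod commands above are meant to produce. It is an added example, not part of the original post; the function names (check_ssh_perms, has_any_bit, owned_by) are hypothetical, and it assumes a POSIX sh with find available:

```shell
#!/bin/sh
# Added example (not from the original post): audit the paths the chown/chmod
# steps touch. Usage: sh check_ssh_perms.sh USER HOME_DIR

# Succeeds if TARGET has any of the given octal permission bits set.
has_any_bit() {
    target=$1; shift
    for bit in "$@"; do
        [ -n "$(find "$target" -prune -perm "-$bit" -print 2>/dev/null)" ] && return 0
    done
    return 1
}

# Succeeds if TARGET is owned by OWNER (a user name or numeric uid).
owned_by() {
    [ -n "$(find "$1" -prune -user "$2" -print 2>/dev/null)" ]
}

# Prints one line per problem; returns 0 only if all three paths pass.
check_ssh_perms() {
    user=$1; home=$2; rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; rc=1; continue
        fi
        if ! owned_by "$p" "$user"; then
            echo "OWNER    $p is not owned by $user"; rc=1
        fi
        if [ "$p" = "$home" ]; then
            bits="020 002"                   # home may be 755: only g/o write is flagged
        else
            bits="040 020 010 004 002 001"   # .ssh (700), authorized_keys (600): no g/o bits
        fi
        # $bits is intentionally unquoted so each octal value becomes one argument.
        if has_any_bit "$p" $bits; then
            echo "MODE     $p is too permissive"; rc=1
        fi
    done
    return $rc
}

# Run the audit only when called with both arguments.
if [ "$#" -eq 2 ]; then check_ssh_perms "$1" "$2"; fi
```

On the router in this example it would be run as: sh check_ssh_perms.sh edgemax /home/edgemax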
Edit the ssh_config file at /etc/ssh/ssh_config: change the IdentityFile line to match the SSH key type (RSA in this example). Since we are using the default key name in this example, we keep the path and only remove the '#' character at the start of the line:
IdentityFile ~/.ssh/id_rsa
SSH into the router using the password and, as the final step, enter configuration mode (edgemax@router_name:~$ configure) to activate SSH key login:
loadkey edgemax /home/edgemax/.ssh/id_rsa.pub
or,
loadkey edgemax /home/edgemax/.ssh/authorized_keys   # if the key was copied with ssh-copy-id
After the loadkey command, we commit and save, then exit twice to leave the SSH session. We should now be able to SSH into the EdgeRouter securely.