From: Tilman Schmidt on
Dave Uhring wrote:
> On Wed, 16 Apr 2008 05:12:47 -0700, BertieBigBollox(a)gmail.com wrote:
>
>> Trying to ssh from a Sun Solaris box to a Cisco router and want to use
>> a script to log in automatically without it prompting for a username
>> and password.
>
> Public key authentication.

Last I knew, Cisco still didn't support this. Old gripe of mine.
Would be a nice surprise if that was finally fixed, though.

--
Please excuse my bad English/German/French/Greek/Cantonese/Klingon/...

From: Tilman Schmidt on
Dave Uhring wrote:
> On Fri, 18 Apr 2008 02:16:35 -0700, BertieBigBollox(a)gmail.com wrote:
>
>> Just noticed - this isn't going to work, is it? You need to send the
>> authorised key to the router in question.
>>
>> The router in question is a cisco device, so I don't know how to do
>> this...
>
> If you can ssh into the router you can use scp to send the key.

Heh, no. Not if the router runs something non-unixoid like, say ... Cisco IOS.
See:

ts(a)r2d2:~> ssh gw1 show session
ts(a)gw1's password:
% No connections opents(a)r2d2:~>
ts(a)r2d2:~> scp ~/.ssh/id_dsa.pub gw1:.ssh/authorized_keys
ts(a)gw1's password:

ts(a)r2d2:~> ssh gw1 show session
ts(a)gw1's password:
% No connections opents(a)r2d2:~>

The scp command does nothing, it just terminates immediately (as can be seen
from the lack of the progress line), and the router still asks for my
password afterwards.

HTH
T.

--
Please excuse my bad English/German/French/Greek/Cantonese/Klingon/...

From: Dave Uhring on
On Fri, 18 Apr 2008 17:38:58 +0200, Tilman Schmidt wrote:
> Dave Uhring wrote:

>> If you can ssh into the router you can use scp to send the key.
>
> Heh, no. Not if the router runs something non-unixoid like, say ...
> Cisco IOS. See:

Just absurd, implementing only part of a well established protocol.


From: Greg Andrews on
Dave Uhring <daveuhring(a)yahoo.com> writes:
>On Fri, 18 Apr 2008 17:38:58 +0200, Tilman Schmidt wrote:
>> Dave Uhring wrote:
>
>>> If you can ssh into the router you can use scp to send the key.
>>
>> Heh, no. Not if the router runs something non-unixoid like, say ...
>> Cisco IOS. See:
>
>Just absurd, implementing only part of a well established protocol.
>

What's absurd is the assumption that the storage of a public key
must follow the pattern of Unix ssh implementations on devices that
are not Unix.

Cisco very likely has a method to store the public key for an account
to allow non-password logins. It's probably not adding the key text
to a file in a subdirectory, but something else.

Has anyone consulted the Cisco documentation yet? (I don't have them
in front of me at the moment)

-Greg
--
Do NOT reply via e-mail.
Reply in the newsgroup.

From: Dave Uhring on
On Fri, 18 Apr 2008 18:11:06 +0000, Greg Andrews wrote:
> Dave Uhring <daveuhring(a)yahoo.com> writes:

>>Just absurd, implementing only part of a well established protocol.
>>
>>
> What's absurd is the assumption that the storage of a public key must
> follow the pattern of Unix ssh implementations on devices that are not
> Unix.

You are quite right. Cisco is certainly entitled to break generally
accepted protocols.
