Bill_Ng
Nickel

SSH authentication using RSA for uid=0

All,

I'm trying to write a bash script to run from my management station to connect to the gateways via ssh. I would like to utilize the login without password prompting. I followed sk95890 - How to configure SSH authentication on Gaia OS using RSA key files, but the problem is that the user cannot type in any GAIA commands. I then tried changing the uid of the user to uid=0, but that broke the authentication piece of it and I have to type in passwords. Anyone know of a way this can be accomplished with a uid=0 account?

I apologize in advance if this is a double post from the day before.

Thanks in advance,

Bill

0 Kudos
9 Replies
Admin
Admin

Re: SSH authentication using RSA for uid=0

Generally when you call ssh from a script, it's done in non-interactive mode, meaning you cannot interactively enter commands.

Can you share with us the relevant script fragment?

0 Kudos
Bill_Ng
Nickel

Re: SSH authentication using RSA for uid=0

Hi Dameon,

I'm trying to use 'ssh -i /home/user1/.ssh/id_rsa 10.10.10.10 fw ver'.  user1 was created within the GAIA portal with uid=0.  The problem is that I can't get user1 to use the id_rsa file correctly to authenticate to the gateway.  It still prompts me for a password.  I noticed that when I created the rsa key it actually put it in /home/admin/.ssh.  If I changed the uid to 103 or something else I can use the id_rsa fine, but I can't run the GAIA commands like 'fw ver', 'cphaprob stat' and others.

Hope that makes sense.  Let me know if you need more info.

Thanks

0 Kudos
Admin
Admin

Re: SSH authentication using RSA for uid=0

What error do you get with that SSH command?

I suspect the issue is that the environment variables aren't getting set correctly for this other user.

0 Kudos
Bill_Ng
Nickel

Re: SSH authentication using RSA for uid=0

I'm not getting an error per se. It's still prompting me for password to sign when I run that command from my management station to the gateway.

0 Kudos
Bill_Ng
Nickel

Re: SSH authentication using RSA for uid=0

More info.

I was able to get the default 'admin' to authenticate to the gateway with rsa key.  The shell for 'admin' is /etc/cli.sh.  I want to keep the admin in clish.  So I created an admin-like user from the portal named 'user1' and changed the shell for that account to /bin/bash.  I followed all the same steps I did with the default 'admin' account.  I noticed that when running 'ssh-keygen' for the user1 account, it by default wants to write it to /home/admin/.ssh, not /home/user1/.ssh.  I did change the location to /home/user1/.ssh/ and named the file user1_rsa.  It created user1_rsa and user1_rsa.pub, and at the end of the file it puts in admin@managementservername and not user1@managementservername.

0 Kudos

Re: SSH authentication using RSA for uid=0

Just put the content of the rsa key from /home/admin/.ssh into ".ssh/authorized_keys" under the user where you are running the script and execute ssh like this:

ssh my_test_user@ip_address

On the remote host you need to have created the user "my_test_user", create the hidden folder .ssh under /home/my_test_user/, create the file "authorized_keys" in that folder and put in the rsa key already generated.

Kind regards,
Jozko Mrkvicka
0 Kudos
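An added example, not part of the thread or of Check Point's documentation: a POSIX shell check for the two things the posts above run into. With two accounts sharing uid 0, a lookup by numeric uid (which ssh-keygen uses for its default key path and key comment) returns the first passwd entry, and sshd with StrictModes enabled ignores an authorized_keys file when the home directory, the .ssh directory or the file itself is group- or world-writable. The function names and the sample passwd lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: helper names and sample data are constructed, not from the thread.

# Print "name:home" of the FIRST passwd entry with the given uid. A lookup of
# the current user by numeric uid (as ssh-keygen does) resolves to this entry.
first_entry_for_uid() {   # $1 = passwd file, $2 = uid
    awk -F: -v uid="$2" '$3 == uid { print $1 ":" $6; exit }' "$1"
}

# Print every account name that shares the given uid, comma separated.
names_for_uid() {         # $1 = passwd file, $2 = uid
    awk -F: -v uid="$2" '$3 == uid { printf "%s%s", sep, $1; sep = "," }
                         END { print "" }' "$1"
}

# Print "ok" only if the home directory, ~/.ssh and authorized_keys all exist
# and none of them is group- or world-writable (the StrictModes condition).
key_paths_ok() {          # $1 = home directory
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p"; return 1; }
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "too permissive: $p"; return 1
        fi
    done
    echo "ok"
}

# Constructed sample: two uid-0 accounts named as in the thread.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'admin:x:0:0::/home/admin:/etc/cli.sh' \
                  'user1:x:0:0::/home/user1:/bin/bash' > "$d/passwd"
    echo "uid 0 accounts:    $(names_for_uid "$d/passwd" 0)"
    echo "uid 0 resolves to: $(first_entry_for_uid "$d/passwd" 0)"
    mkdir -p "$d/home/user1/.ssh"
    : > "$d/home/user1/.ssh/authorized_keys"
    chmod 755 "$d/home/user1"
    chmod 700 "$d/home/user1/.ssh"
    chmod 600 "$d/home/user1/.ssh/authorized_keys"
    echo "key paths:         $(key_paths_ok "$d/home/user1")"
    rm -rf "$d"
}
demo
```

On a real host, point the first two functions at /etc/passwd and the third at the target account's home directory.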

Re: SSH authentication using RSA for uid=0

Then the other question is why would you want to run a SSH session from management to the GW? Why not use cprid to execute a script on the GW?

Regards, Maarten

Re: SSH authentication using RSA for uid=0

Yep, the best option.

More info (including script) here.

Kind regards,
Jozko Mrkvicka
0 Kudos
Bill_Ng
Nickel

Re: SSH authentication using RSA for uid=0

Hi Jozko,

Thanks.  That did the trick for SSH.  It works now with the other ID.

Hi Maarten/Jozko,

I never knew of or have used 'cprid_util'.  In looking at the link, it looks like it will do the trick as well, if not better, using SIC.  I'll start playing around with cprid_util as well.  I was a little leery in trying to make ssh work.

Thank you both so much for pointing me in the right direction.

Bill