02-10-2020 04:47 AM
Hello,
I have two FTD 2110 in high availability.
I have a script that needs to log in to the ssh of the FTD.
I would like to ask if there is a way for the login process to use a public/private key pair instead of a username and password.
Thanks and regards,
Konstantinos
02-10-2020 05:21 AM
Hi,
There is no way to log in using private/public keys instead of a username/password.
But what is the issue with using a username/password in the script you are using?
02-10-2020 05:27 AM
02-10-2020 05:32 PM
I don't think it can be done.
Or make a script in such a way that you enter the password manually once.
02-10-2020 10:59 PM
10-29-2021 08:54 AM
Hello,
Sure, it can be done.
On your FTD:
1. Create a local user:
configure user add user1 basic
or
configure user add user1 config
2. Go into "expert" mode and issue "sudo su":
expert
sudo su
3. Generate the public and private key:
ssh-keygen -t rsa -b 2048
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): [leave empty]
Enter same passphrase again: [leave empty]
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:v++aukga9RZhTONHweTN6oybKjeP876IOBZ59xNy5mM root@firepower
The key's randomart image is:
+---[RSA 2048]----+
| oo+. |
| + +.o |
| = o o |
| . o . |
| . . S . |
| o ..o.+* |
| o...*+.+ |
| o..=+=Eo o |
| ...oo=OX*++o |
+----[SHA256]-----+
4. Create the .ssh directory in user1's home directory:
mkdir -p /home/user1/.ssh
5. Copy the generated public key to the file authorized_keys in the /home/user1/.ssh directory:
cp /root/.ssh/id_rsa.pub /home/user1/.ssh/authorized_keys
Now you can use the id_rsa file (which contains the private key) in your script for user "user1". Below is an example:
ssh user1@192.168.0.1 -i /id_rsa
PS: change the permissions of the id_rsa file with the "chmod 400 id_rsa" command in case you get an error about the permissions of the id_rsa file like the one below:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0666 for '/bootflash/id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/bootflash/id_rsa": bad permissions
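As an added example (not from this thread or from Cisco), the following POSIX shell script wraps the steps above so they can be repeated safely from the expert shell: it installs a public key into a local user's authorized_keys with the directory and file modes that sshd's StrictModes accepts, checks whether the private key the script will use is readable by group or others (the condition behind the "UNPROTECTED PRIVATE KEY FILE" warning shown above), tightens it to 0400 if needed, and builds an ssh command line with BatchMode=yes so that a script fails immediately instead of hanging at a password prompt when the key is not accepted. It assumes GNU coreutils (stat -c) as found in the FTD expert shell, that it runs as root under "sudo su", and the paths /home/user1 and 192.168.0.1 from the post; the public key used in the demo is a constructed placeholder, not a real key.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes a Linux shell with
# GNU coreutils (stat -c) and root privileges, as in the expert-mode steps.

# install_authorized_key USER PUBKEY_FILE [HOME_BASE]
# Appends PUBKEY_FILE to HOME_BASE/USER/.ssh/authorized_keys. sshd with
# StrictModes refuses the file if the directory or file is group/other
# writable, so modes are forced to 700 (dir) and 600 (file). Ownership by
# root (the copying user) or by USER is accepted by sshd.
install_authorized_key() {
    user=$1; pubkey=$2; home_base=${3:-/home}
    sshdir="$home_base/$user/.ssh"
    mkdir -p "$sshdir"
    cat "$pubkey" >> "$sshdir/authorized_keys"   # append, do not overwrite
    chmod 700 "$sshdir"
    chmod 600 "$sshdir/authorized_keys"
}

# authorized_key_count USER [HOME_BASE]
# Prints the number of key lines installed for USER (one key per line).
authorized_key_count() {
    user=$1; home_base=${2:-/home}
    f="$home_base/$user/.ssh/authorized_keys"
    [ -f "$f" ] || { echo 0; return 0; }
    wc -l < "$f" | tr -d ' '
}

# private_key_is_protected KEYFILE
# Returns 0 when no group/other permission bits are set (e.g. 0400, 0600),
# 1 otherwise. ssh ignores a key whose mode is wider than that.
private_key_is_protected() {
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        *00) return 0 ;;   # last two octal digits (group, other) are zero
        *)   return 1 ;;
    esac
}

# fix_private_key KEYFILE
# Applies the chmod 400 recommended in the post.
fix_private_key() {
    chmod 400 "$1"
}

# ssh_command USER HOST KEYFILE
# Prints the ssh invocation a script should use: BatchMode=yes turns a
# rejected key into a hard failure instead of an interactive password prompt,
# IdentitiesOnly=yes stops ssh from offering other keys from an agent.
ssh_command() {
    user=$1; host=$2; key=$3
    echo "ssh -i $key -o BatchMode=yes -o IdentitiesOnly=yes $user@$host"
}

# demo: run the whole flow in a temporary directory with constructed inputs.
demo() {
    t=$(mktemp -d)
    # Constructed placeholder public key, not a real key.
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCEXAMPLEKEYNOTREAL user1@script-host\n' > "$t/id_rsa.pub"
    install_authorized_key user1 "$t/id_rsa.pub" "$t/home"
    echo "keys installed for user1: $(authorized_key_count user1 "$t/home")"

    printf 'placeholder, not a real private key\n' > "$t/id_rsa"
    chmod 666 "$t/id_rsa"    # reproduce the "too open" condition from the post
    if private_key_is_protected "$t/id_rsa"; then
        echo "id_rsa permissions ok"
    else
        echo "id_rsa too open, fixing"
        fix_private_key "$t/id_rsa"
    fi
    echo "run: $(ssh_command user1 192.168.0.1 "$t/id_rsa")"
    rm -rf "$t"
}

[ "${1-}" = "--demo" ] && demo
```

Run with "--demo" to see the flow on throwaway files; in a real script, call install_authorized_key once on the FTD and private_key_is_protected on the host that runs the script before every ssh call, so a copied key with 0644 permissions is caught before ssh silently ignores it and falls back to asking for a password.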
06-20-2022 03:11 AM
hi,
I've tried this, but even though I left the password blank I'm prompted with "enter password" and can't proceed.
Any ideas?
Thanks,