Does nct ssh-cmd work with public-key (.pem) authentication?

kbarve
Cisco Employee

I am trying to SSH to an NSO device using the nct tool. The NSO is installed on AWS, where we use the public key (.pem) to SSH to the instance (e.g. ssh -i test.pem x.y.z.a).

In nct ssh-cmd --help, I find only the options below:

  --ssh-user SSH User [default: ec2-user]
  --ssh-pass SSH Password
  --ssh-port SSH server port [default: 22]
  --ssh-timeout  SSH timeout in mSec [default: infinity]

How can I include the .pem key in nct ssh-cmd?

4 Replies

yfherzog
Cisco Employee

If you run 'man nct', you will see some more details:

...

   The use of SSH
       The NCS tools make heavy use of SSH for running commands and copying file on/to the Hosts. It is possible to
       specify the `SSH User' and `SSH Password' to be used for each Host, either with a switch to a command or in
       the hostsfile. It is recommended to add the `SSH Password' to the hostsfile and prohibit other users read
       access to the file for security reasons.

       It is also possible to use `SSH KEYS' as long as they do not require a passphrase.

       Then, for each Host, setup the SSH key authentication. This can easily be done with the `ssh-copy-id'
       command. Example:

           ssh-copy-id user@192.168.23.99

           Note
           Per default, the default filename of the SSH key pair will be used; for example id_rsa for RSA keys. To
           override this behaviour you can use the `--ssh-key-name <keyname>' switch with any NCT command.

...

It then gives an example of a hostsfile without ssh password.

Yftach

kbarve
Cisco Employee

Here the server is already enabled with SSH key authentication.

Can you please elaborate on this line:

To override this behaviour you can use the `--ssh-key-name <keyname>' switch with any NCT command.

Never tried this, but I guess one can have multiple keys stored per user, and used for different connections, and this one allows you to select the one you want to use for nct.

I think this should be equivalent to the '-i' option on the ssh command (see more details on the ssh man page).

I got it. Thanks.

I referred to https://stackoverflow.com/questions/26421475/cannot-find-id-rsa-pub-in-the-unix-server-can-i-regenerate-it-id-sra-private. It gave a good bit of info.

I generated an SSH key on the machine where nct commands will be run and copied the content of id_rsa.pub to the NSO instance's .ssh/authorized key file.

I could then log in to the NSO instance without any key file. Hence NCT commands worked.
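
The man page excerpt quoted in this thread says nct can only use SSH keys that do not require a passphrase. The following is an added example, not part of the thread and not nct code: a pre-flight check that tells whether a private key file (an AWS-style .pem or an OpenSSH key) is passphrase-protected and whether its permissions are open to other users, which OpenSSH rejects. The function names and the sample keys are constructed for illustration; the script does not invoke nct.

```python
import base64, os, stat, struct, sys

MAGIC = b"openssh-key-v1\x00"  # header of the OpenSSH private key format

def needs_passphrase(pem_text):
    """True if the private key is encrypted, False if not; ValueError if not a private key."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured file")
    label = lines[0][len("-----BEGIN "):].rstrip("-")
    if not label.endswith("PRIVATE KEY"):
        raise ValueError("not a private key: " + label)
    if label == "ENCRYPTED PRIVATE KEY":  # PKCS#8, encrypted
        return True
    if label == "OPENSSH PRIVATE KEY":
        blob = base64.b64decode("".join(lines[1:-1]))
        off = len(MAGIC)
        if not blob.startswith(MAGIC) or len(blob) < off + 4:
            raise ValueError("bad OpenSSH key header")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"  # cipher name field
    # Legacy PEM (e.g. "RSA PRIVATE KEY") marks encryption in a header line.
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)

def key_problems(path):
    """List reasons why a key file would fail non-interactive SSH use."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append("mode %04o lets group/other access the key; chmod 600" % mode)
    with open(path, encoding="ascii", errors="replace") as fh:
        try:
            if needs_passphrase(fh.read()):
                problems.append("key requires a passphrase")
        except ValueError as exc:
            problems.append(str(exc))
    return problems

# Constructed samples (headers only, no real key material).
SAMPLE_LEGACY_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                           "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
                           "AAAA\n-----END RSA PRIVATE KEY-----\n")
SAMPLE_OPENSSH_PLAIN = ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
                        + base64.b64encode(MAGIC + struct.pack(">I", 4) + b"none").decode()
                        + "\n-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    for p in sys.argv[1:]:
        print(p, key_problems(p) or "ok for non-interactive use")
```

Run it with one or more key file paths as arguments; an empty problem list means the key has no passphrase and is readable only by its owner.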