07-23-2017 10:47 PM - edited 03-01-2019 03:56 AM
Does nct ssh-cmd work with public-key (.pem) authentication?
I am trying to SSH to an NSO device using the nct tool. The NSO is installed on AWS, where we use the public key (.pem) to SSH to the instance. (E.g.: ssh -i test.pem x.y.z.a)
On nct ssh-cmd --help, I find only the options below:
--ssh-user | SSH User [default: ec2-user] |
--ssh-pass | SSH Password |
--ssh-port | SSH server port [default: 22] |
--ssh-timeout | SSH timeout in mSec [default: infinity] |
How can I include the .pem key in nct ssh-cmd?
07-24-2017 01:54 AM
If you run 'man nct', you will see some more details:
...
...
...
The use of SSH
The NCS tools make heavy use of SSH for running commands and copying file on/to the Hosts. It is possible to
specify the `SSH User' and `SSH Password' to be used for each Host, either with a switch to a command or in
the hostsfile. It is recommended to add the `SSH Password' to the hostsfile and prohibit other users read
access to the file for security reasons.
It is also possible to use `SSH KEYS' as long as they do not require a passphrase.
Then, for each Host, setup the SSH key authentication. This can easily be done with the `ssh-copy-id'
command. Example:
ssh-copy-id user@192.168.23.99
Note
Per default, the default filename of the SSH key pair will be used; for example id_rsa for RSA keys. To
override this behaviour you can use the `--ssh-key-name <keyname>' switch with any NCT command.
...
...
...
It then gives an example of a hostsfile without ssh password.
Yftach
07-24-2017 03:24 AM
Here the server is already enabled with SSH key authentication.
Can you please elaborate on this line:
To override this behaviour you can use the `--ssh-key-name <keyname>' switch with any NCT command.
07-24-2017 04:04 AM
Never tried this, but I guess one can have multiple keys stored per user, and used for different connections, and this one allows you to select the one you want to use for nct.
I think this should be equivalent to the '-i' option on the ssh command (see more details on the ssh man page).
07-24-2017 11:19 AM
I got it. Thanks.
I referred to https://stackoverflow.com/questions/26421475/cannot-find-id-rsa-pub-in-the-unix-server-can-i-regenerate-it-id-sra-private. It gave a good bit of info.
I generated an SSH key on the machine where the nct commands will be run and copied the content of id_rsa.pub to the NSO instances' .ssh/authorized key file.
I could then log in to the NSO instance without any key file, hence the NCT commands worked.
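Added example, not part of the thread or of NCT: the man page quoted above only accepts SSH keys without a passphrase and recommends denying other users read access to the hostsfile, so file permissions are the only protection for both. This Python check reports, for a given file, whether it is owner-only and whether a private key in it is passphrase-protected; the function names and the constructed sample key are assumptions of the example.

```python
import base64
import os
import stat
import struct

MAGIC = b"openssh-key-v1\x00"  # header of the OpenSSH private key format

# Constructed sample (not a real key): unencrypted legacy PEM layout.
SAMPLE = ("-----BEGIN RSA PRIVATE KEY-----\n"
          "Q09OU1RSVUNURUQ=\n"
          "-----END RSA PRIVATE KEY-----\n")

def key_is_encrypted(text):
    """True if this private key needs a passphrase; ValueError if not a key."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN ") \
            or "PRIVATE KEY" not in lines[0]:
        raise ValueError("not a PEM-armoured private key")
    if "ENCRYPTED" in lines[0]:  # PKCS#8: BEGIN ENCRYPTED PRIVATE KEY
        return True
    body = lines[1:-1]
    if any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in body):
        return True  # legacy PEM, e.g. BEGIN RSA PRIVATE KEY
    if "OPENSSH" in lines[0]:
        blob = base64.b64decode("".join(body))
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            raise ValueError("bad OpenSSH key header")
        (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        return cipher != b"none"  # first field is the cipher name
    return False

def audit(path):
    """Return (owner_only, encrypted); encrypted is None for non-key files."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, errors="replace") as fh:
        try:
            encrypted = key_is_encrypted(fh.read())
        except ValueError:
            encrypted = None  # e.g. a hostsfile holding an SSH password
    return ((mode & 0o077) == 0, encrypted)

if __name__ == "__main__":
    import sys
    print("sample key encrypted:", key_is_encrypted(SAMPLE))
    for p in sys.argv[1:]:  # e.g. the key file and the hostsfile
        print(p, audit(p))
```

A result of `(False, False)` for a key file means an unencrypted private key that group or other users can access; `chmod 600` on the file addresses the first half.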