Does nct ssh-cmd work with public-key (.pem) authentication?

kbarve
Cisco Employee

I am trying to SSH to an NSO device using the nct tool. NSO is installed on AWS, where we use the public-key (.pem) key to SSH to the instance (e.g. ssh -i test.pem x.y.z.a).

In nct ssh-cmd --help, I find only the options below:

  --ssh-user SSH User [default: ec2-user]
  --ssh-pass SSH Password
  --ssh-port SSH server port [default: 22]
  --ssh-timeout  SSH timeout in mSec [default: infinity]

How can I include the .pem key in nct ssh-cmd?

4 Replies

yfherzog
Cisco Employee

If you run 'man nct', you will see some more details:

...

   The use of SSH

       The NCS tools make heavy use of SSH for running commands and copying file on/to the Hosts. It is possible to
       specify the `SSH User' and `SSH Password' to be used for each Host, either with a switch to a command or in
       the hostsfile. It is recommended to add the `SSH Password' to the hostsfile and prohibit other users read
       access to the file for security reasons.

       It is also possible to use `SSH KEYS' as long as they do not require a passphrase.

       Then, for each Host, setup the SSH key authentication. This can easily be done with the `ssh-copy-id'
       command. Example:

           ssh-copy-id user@192.168.23.99

           Note

           Per default, the default filename of the SSH key pair will be used; for example id_rsa for RSA keys. To
           override this behaviour you can use the `--ssh-key-name <keyname>' switch with any NCT command.

...

It then gives an example of a hostsfile without ssh password.

Yftach

kbarve
Cisco Employee

Here the server is already enabled with SSH key authentication.

Can you please elaborate on this line:

To override this behaviour you can use the `--ssh-key-name <keyname>' switch with any NCT command.

Never tried this, but I guess one can have multiple keys stored per user, and used for different connections, and this one allows you to select the one you want to use for nct.

I think this should be equivalent to the '-i' option on the ssh command (see more details on the ssh man page).

I got it. Thanks.

I referred to https://stackoverflow.com/questions/26421475/cannot-find-id-rsa-pub-in-the-unix-server-can-i-regenerate-it-id-sra-private. It gave a good bit of info.

Generated an SSH key on the machine where nct commands will be run and copied the content of id_rsa.pub to the NSO instance's .ssh/authorized key file.

I could then log in to the NSO instance without any key file. Hence NCT commands worked.
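
The man page excerpt quoted in this thread says NCT can use SSH keys only if they need no passphrase, and ssh itself refuses a private key that other users can read. A pre-flight check for both conditions, added here as an example (not part of the thread or of NCT; the function names are hypothetical, and the passphrase test reads the key file's header instead of calling ssh-keygen):

```shell
#!/bin/sh
# Added example: pre-flight checks for a private key that nct will use.
# Function names are hypothetical; nothing here is part of NCT.

# perms_private FILE: succeed only if group and others have no access bits.
perms_private() {
    # Characters 5-10 of the `ls -ld` mode string are the group/other bits.
    [ "$(ls -ldL -- "$1" | cut -c5-10)" = "------" ]
}

# key_unencrypted FILE: succeed only if the private key has no passphrase.
key_unencrypted() {
    first=$(head -n 1 "$1" | tr -d '\r')
    case "$first" in
        "-----BEGIN OPENSSH PRIVATE KEY-----")
            # The body starts with base64("openssh-key-v1\0" + cipher name);
            # this prefix encodes cipher "none", i.e. no passphrase.
            sed -n 2p "$1" | grep -q '^b3BlbnNzaC1rZXktdjEAAAAABG5vbmUA' ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----")
            return 1 ;;
        "-----BEGIN "*"PRIVATE KEY-----")
            # Traditional PEM (typical for a downloaded .pem): encrypted
            # keys carry a "Proc-Type: 4,ENCRYPTED" header line.
            ! grep -q '^Proc-Type: 4,ENCRYPTED' "$1" ;;
        *)
            return 1 ;;   # not a private key format this check recognises
    esac
}

# check_key FILE: print a finding per failed check; return 0 only if all pass.
check_key() {
    rc=0
    [ -r "$1" ] || { echo "FAIL $1: not readable"; return 1; }
    perms_private "$1"   || { echo "FAIL $1: group/other access, chmod 600"; rc=1; }
    key_unencrypted "$1" || { echo "FAIL $1: passphrase-protected or unknown format"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK   $1"
    return "$rc"
}

# Usage: sh check_key.sh ~/.ssh/id_rsa   (no arguments: define functions only)
for f in "$@"; do check_key "$f"; done
```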
