Login with SSH without user name and password

Remko de Koning
Level 1

Hi guys,

 

Does anyone know if it is possible on the Small Business switches to log on using PuTTY without a username and password?

For example, to hold an SSH PKI on the machine that has PuTTY.
Simply connecting from that specific machine logs you on automatically into the CLI of the switch.

If possible, how would I go about doing this?

Remko

ghostinthenet
Level 7

You sure can.

First, you need to enable SSH access to the switch by going to "Security:TCP/UDP Services" in the GUI, selecting SSH access and applying the configuration change.

Then, you enable public key authentication by going to "Security:SSH Server:SSH User Authentication", enabling both "SSH user authentication by public key" and "Automatic login" and applying the change.

Lastly, in the same section, you add an existing user to the SSH User Authentication Table. Paste in your RSA public key and apply.

Save your configuration changes and you're good to go.

This approach works well on an SG300, but different small business switches may go about things a bit differently.
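
Before a key is pasted into the SSH User Authentication Table, it is worth confirming that the text really is an RSA public key and recording its size and fingerprint. The Python below is an added example, not part of the original post or of Cisco's tooling; it reads both the one-line OpenSSH form and the RFC 4716 block that PuTTYgen's "Save public key" writes, and the sample key is constructed for illustration (its comment reuses the key name from the PuTTY output in this thread).

```python
import base64
import hashlib
import struct

def _read_string(blob, off):
    """Read one length-prefixed SSH string (RFC 4251); return (bytes, next offset)."""
    (length,) = struct.unpack_from(">I", blob, off)
    if off + 4 + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:off + 4 + length], off + 4 + length

def _extract_base64(text):
    """Accept an OpenSSH one-line key or an RFC 4716 block (PuTTYgen's saved file)."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if not lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        return lines[0].split()[1]            # "ssh-rsa AAAA... comment"
    body, in_header = [], False
    for ln in lines[1:]:
        if ln.startswith("---- END"):
            break
        if in_header or ":" in ln:            # header line, may continue with "\"
            in_header = ln.endswith("\\")
        else:
            body.append(ln)
    return "".join(body)

def inspect_public_key(text):
    """Return (key type, modulus bits, SHA256 fingerprint) of an RSA public key."""
    blob = base64.b64decode(_extract_base64(text), validate=True)
    key_type, off = _read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("not an RSA key")
    _exponent, off = _read_string(blob, off)
    modulus, off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing data after modulus")
    fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return key_type.decode(), int.from_bytes(modulus, "big").bit_length(), fp

def _mpint(n):
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")   # leading zero byte when the top bit is set
    return struct.pack(">I", len(raw)) + raw

# Constructed sample: a 2048-bit number standing in for a modulus, not a usable key.
_BLOB = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint((1 << 2047) | 1)
_B64 = base64.b64encode(_BLOB).decode()
SAMPLE_OPENSSH = "ssh-rsa " + _B64 + " rsa-key-20141214"
SAMPLE_RFC4716 = "\n".join(["---- BEGIN SSH2 PUBLIC KEY ----", 'Comment: "rsa-key-20141214"']
    + [_B64[i:i + 64] for i in range(0, len(_B64), 64)] + ["---- END SSH2 PUBLIC KEY ----"])
```

The fingerprint is computed the same way as the SHA256 value printed by `ssh-keygen -l`, so the key entered on the switch can be matched against the one held on the backup machine.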


Hi Jody, YES.... almost there.

I managed to set up a user, generate a public and private key with PuTTY and connect to the switch.

PuTTY now skips the "Login User" part but is still prompting for a user name and password.

Why is it asking for a Login User and right after for a username and password?

 

Output PUTTY:
Using username "Putty".
Authenticating with public key "rsa-key-20141214"

My goal in the end is to automate backups of these switches to a TFTP server. We have quite a few of these switches and it is a time-consuming task to back up all these switches by hand.

This command should suffice.
copy running-config tftp://10.164.50.20/switch40-runningconfig.txt

I cannot seem to be able to bypass the logon part. Any idea how to accomplish this?

Thanks!

Remko

Did you make sure the "Automatic login" option in the "Security:SSH Server:SSH User Authentication" pane was checked? Without this, the switch will present its own authentication prompts after the SSH connection is made.

Darn, I overlooked one small thing. The SSH user needs to be a user in the Local User Account table as well.

It works now! Thanks a billion. :-)

Now I can write a routine that creates a backup of all my switches.

Thanks for your help

Remko

I'm glad it's working and that I could help.

Please rate any comments you found helpful and mark one of them as correct.

I was cheering too soon so it seems.

There is something odd going on with PuTTY and the SG300 switch.

I cannot seem to input any commands into the switch if I use PuTTY with an input file.

Apparently someone else had the same problem as well.
See this post: https://supportforums.cisco.com/discussion/11967896/sg300-ssh-strange-error-client-already-connected

The solution is unfortunately out of my league. It is a bit too complex for me to understand.

Is anyone able to use PuTTY to automate tasks on these switches? For example, automated backups?

 

 

SSH clients typically don't allow scripted commands to be passed through them once the connection is established.

Have you tried issuing the command as a part of your SSH connection command?

I just tried it on the SG300 and it won't take an SSH command argument. Might want to check with Small Business Support to see why this is the case. I suspect a bug in the switch's SSH server implementation.

Thanks for trying. I thought I was getting crazy.

I hope they will respond. There is no support contract on these switches as they are so "cheap" that we just have a couple of these switches on the shelf.

Brandon Svec
Level 7

You may be able to automate backups of these switches with SNMP. Here is a thread on how to do it on the SGE2010, which is also a Linksys/Cisco type like the SG300:

https://supportforums.cisco.com/document/64191/backing-switch-config-file-tftp-server-snmp

 

-- please remember to rate and mark answered helpful posts --