12-12-2014 07:03 AM
Hi guys,
Does anyone know if it is possible on the Small Business switches to log on using Putty without a username and password?
For example, to hold an SSH PKI on the machine that has Putty.
Simply connecting from that specific machine logs you on automatically into the CLI of the switch.
If possible, how would I go about doing this?
Remko
12-14-2014 08:48 AM
You sure can.
First, you need to enable SSH access to the switch by going to "Security:TCP/UDP Services" in the GUI, selecting SSH access and applying the configuration change.
Then, you enable public key authentication by going to "Security:SSH Server:SSH User Authentication", enabling both "SSH user authentication by public key" and "Automatic login" and applying the change.
Lastly, in the same section, you add an existing user to the SSH User Authentication Table. Paste in your RSA public key and apply.
Save your configuration changes and you're good to go.
This approach works well on an SG300, but different small business switches may go about things a bit differently.
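A check that could be run on the key before pasting it into the SSH User Authentication Table, as an added example that is not part of the original thread: it parses a public key in either form PuTTYgen produces (the one-line OpenSSH text or the saved RFC 4716 file), confirms it is RSA, and reports the modulus size and SHA256 fingerprint. The 2048-bit minimum and the sample key (a constructed byte pattern, not a usable key) are assumptions.

```python
import base64, hashlib

def read_string(blob, off):  # RFC 4251 string: 4-byte big-endian length, then bytes
    end = off + 4 + int.from_bytes(blob[off:off + 4], "big")
    if off + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def extract_base64(text):
    """Accept an OpenSSH one-line key or an RFC 4716 block (PuTTYgen 'Save public key')."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if lines and lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        body, in_header = [], False
        for ln in lines[1:]:
            if ln.startswith("---- END"):
                break
            if in_header or ":" in ln:      # header line, possibly continued with '\'
                in_header = ln.endswith("\\")
            else:
                body.append(ln)
        return "".join(body)
    fields = lines[0].split() if lines else []
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    return fields[1]

def inspect_public_key(text, min_bits=2048):  # min_bits: assumed policy value
    blob = base64.b64decode(extract_base64(text), validate=True)
    key_type, off = read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("not an RSA key: %r" % key_type)
    _exponent, off = read_string(blob, off)
    modulus, off = read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing data after modulus")
    bits = int.from_bytes(modulus, "big").bit_length()
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"bits": bits, "fingerprint": "SHA256:" + digest, "ok": bits >= min_bits}

def constructed_key(modulus_bytes, key_type=b"ssh-rsa"):  # constructed sample, not a real key
    pack = lambda b: len(b).to_bytes(4, "big") + b
    blob = pack(key_type) + pack(b"\x01\x00\x01") + pack(b"\x00" + b"\xc3" * modulus_bytes)
    return base64.b64encode(blob).decode()

B64 = constructed_key(256)
ONE_LINE = "ssh-rsa " + B64 + " rsa-key-20141214"
RFC4716 = ('---- BEGIN SSH2 PUBLIC KEY ----\nComment: "rsa-key-20141214"\n'
           + "\n".join(B64[i:i + 64] for i in range(0, len(B64), 64))
           + "\n---- END SSH2 PUBLIC KEY ----")
```

Comparing the fingerprint here with the one PuTTYgen shows confirms that the text pasted into the switch is the key you intended.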
12-14-2014 12:07 PM
Hi Jody, YES.... almost there.
I managed to set up a user, generate a public and private key with Putty and connect to the switch.
Putty now skips the "Login User" part but is still prompting for a user name and password.
Why is it asking for a Login User and right after for a username and password?
Output PUTTY:
Using username "Putty".
Authenticating with public key "rsa-key-20141214"
My goal in the end is to automate backups of these switches to a TFTP server. We have quite a few of these switches and it is a time-consuming task to back up all these switches by hand.
This command should suffice.
copy running-config tftp://10.164.50.20/switch40-runningconfig.txt
I cannot seem to be able to bypass the logon part. Any idea how to accomplish this?
Thanks!
Remko
12-14-2014 12:12 PM
Did you make sure the "Automatic login" option in the "Security:SSH Server:SSH User Authentication" pane was checked? Without this, the switch will present its own authentication prompts after the SSH connection is made.
12-14-2014 12:23 PM
Darn, I overlooked one small thing. The SSH user needs to be a user in the Local User Account table as well.
It works now! Thanks a billion. :-)
Now I can write a routine that creates a backup of all my switches.
Thanks for your help
Remko
12-14-2014 12:26 PM
I'm glad it's working and that I could help.
Please rate any comments you found helpful and mark one of them as correct.
12-15-2014 10:40 AM
I was cheering too soon so it seems.
There is something odd going on with Putty and the SG300 switch.
I cannot seem to input any commands into the switch if I use Putty with an input file.
Apparently someone else had the same problem as well.
See this post: https://supportforums.cisco.com/discussion/11967896/sg300-ssh-strange-error-client-already-connected
The solution is unfortunately out of my league. It is a bit too complex for me to understand.
Is anyone able to use Putty to automate tasks on these switches? For example, automated backups?
12-15-2014 10:43 AM
SSH clients typically don't allow scripted commands to be passed through them once the connection is established.
Have you tried issuing the command as a part of your SSH connection command?
12-15-2014 10:53 AM
I just tried it on the SG300 and it won't take an SSH command argument. Might want to check with Small Business Support to see why this is the case. I suspect a bug in the switch's SSH server implementation.
12-15-2014 11:19 AM
Thanks for trying. I thought I was getting crazy.
I hope they will respond. There is no support contract on these switches as they are so "cheap" that we just have a couple of these switches on the shelf.
12-15-2014 11:07 AM
You may be able to automate backups of these switches with SNMP. Here is a thread for how to do it on SGE2010 that is also Linksys/Cisco type like SG300:
https://supportforums.cisco.com/document/64191/backing-switch-config-file-tftp-server-snmp