Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
955
Views
1
Helpful
6
Replies

password less authentication for Cisco switch 350 using ssh key

Go to solution
ThummalaSharan
Level 1
Level 1

‎11-29-2024 08:54 PM

[root@localhost .ssh]# ssh -i id_rsa annora@10.2.111.71
annora@10.2.111.71: Permission denied (publickey).

[root@localhost ~]# ssh -vvv annora@10.2.111.71
OpenSSH_8.7p1, OpenSSL 3.2.2 4 Jun 2024
debug1: Reading configuration data /root/.ssh/config
debug3: kex names ok: [diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]
debug3: kex names ok: [diffie-hellman-group14-sha1]
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug2: checking match for 'final all' host 10.2.111.71 originally 10.2.111.71
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: not matched 'final'
debug2: match not found
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-]
debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]
debug3: kex names ok: [diffie-hellman-group1-sha1]
debug1: configuration requests final Match pass
debug2: resolve_canonicalize: hostname 10.2.111.71 is address
debug1: re-parsing configuration
debug1: Reading configuration data /root/.ssh/config
debug3: kex names ok: [diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]
debug3: kex names ok: [diffie-hellman-group14-sha1]
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug2: checking match for 'final all' host 10.2.111.71 originally 10.2.111.71
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: matched 'final'
debug2: match found
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-]
debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]
debug3: kex names ok: [diffie-hellman-group1-sha1]
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/root/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/root/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 10.2.111.71 [10.2.111.71] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.3p1.RL
debug1: compat_banner: match: OpenSSH_7.3p1.RL pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.2.111.71:22 as 'annora'
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com
debug2: host key algorithms: ssh-rsa,ssh-dss
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,ssh-dss
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com
debug2: MACs ctos: hmac-sha1
debug2: MACs stoc: hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: diffie-hellman-group-exchange-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: diffie-hellman-group-exchange-sha1 need=20 dh_need=20
debug1: kex: diffie-hellman-group-exchange-sha1 need=20 dh_need=20
debug3: send packet: type 34
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<7680<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_DH_GEX_GROUP received
debug3: send packet: type 32
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: receive packet: type 33
debug1: SSH2_MSG_KEX_DH_GEX_REPLY received
debug1: Server host key: ssh-rsa SHA256:/2odO9eaZ798YyjmhYEAbBgiKh8vpB+Df8HFbLvDJKA
debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:8
debug3: load_hostkeys_file: loaded 1 keys from 10.2.111.71
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '10.2.111.71' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:8
debug2: bits set: 1028/2048
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /root/.ssh/id_rsa RSA SHA256:6sdjQbTQjEzrBo5oHgmzYzZwXIUQQYyAC2ASb9iuCfE
debug1: Will attempt key: /root/.ssh/id_dsa
debug1: Will attempt key: /root/.ssh/id_ecdsa
debug1: Will attempt key: /root/.ssh/id_ecdsa_sk
debug1: Will attempt key: /root/.ssh/id_ed25519
debug1: Will attempt key: /root/.ssh/id_ed25519_sk
debug1: Will attempt key: /root/.ssh/id_xmss
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:6sdjQbTQjEzrBo5oHgmzYzZwXIUQQYyAC2ASb9iuCfE
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ecdsa
debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ecdsa_sk
debug3: no such identity: /root/.ssh/id_ecdsa_sk: No such file or directory
debug1: Trying private key: /root/.ssh/id_ed25519
debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /root/.ssh/id_ed25519_sk
debug3: no such identity: /root/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /root/.ssh/id_xmss
debug3: no such identity: /root/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
annora@10.2.111.71: Permission denied (publickey).

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Flavio Miranda
VIP
VIP
In response to ThummalaSharan

‎11-30-2024 04:48 AM

 Got it. I believe your problem is something local on the server. Fixing that. you might be able to connect.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Flavio Miranda
VIP
VIP

‎11-30-2024 02:14 AM

@ThummalaSharan 

– Enable ssh-server on the switch

switchxxxxxx(config)# ip ssh server

– Enable public key authentication

switchxxxxxx(config)# ip ssh pubkey-auth auto-login

– Add a user:

switchxxxxxx(config)# username martijn password SecretPassword privilege 15

– Then, add user’s public key

switchxxxxxx(config)# crypto key pubkey-chain ssh
switchxxxxxx(config-pubkey-chain)# user-key martijn rsa
switchxxxxxx(config-pubkey-key)# key-string

(paste your id_rsa.pub here)

– Check if the fingerprint is correct:

switchxxxxxx# show crypto key pubkey-chain ssh

Username Fingerprint
————– —————————————————————
martijn 35:ea:60:06:fc:d7:f7:d3:3b:d1:0f:10:63:f7:0b:02

Now try to ssh to your switch; no password should be asked

0 Helpful

Go to solution
ThummalaSharan
Level 1
Level 1
In response to Flavio Miranda

‎11-30-2024 04:21 AM

Hi Flavio Miranda,

thank you so much for you reply.

i did same configuration as you mention on switch. 

switch42885f(config)#ip ssh server
switch42885f(config)#ip ssh pubkey-auth auto-login
switch42885f(config)#username sharan password Secret@123 privilege 15
switch42885f(config)#crypto key pubkey-chain ssh
switch42885f(config-pubkey-chain)#user-key sharan rsa
switch42885f(config-pubkey-key)#$QABAAABgQC97dCUAjv/JlmL+vhNyonGByPEA1boz7
zR/jBGpGwdF+z70YZ7lNpVfjSTUZ2EyEyIeufZlhRzT4v+/zRVQPwMc0pkBsUBhnq/0j9H
gZcLslszaCVO60EHunqZXw+aI5D7EnyI0CeeVXMJ7kaF6ZoS1ibWHyS6NFRDQWtdJrYbjX
/vOLmfUKKyKZupW43YNDVUXL54IXRl19Rc5VsJl+T3PL6lbcMWBbREqt4khhlLsoSh5L0R
kdv/StPALV79AcnJYfC6egh8glpXXR9pndhIdNpJVBwhX3e3IwbBmVWYPARURBifrrFE1+
A5ta5CCE3eJuOpiJIxWgTaDWIrxOtErveBM3FXLyBtocjPfNvVwWaarMaIgTNd+8NqZOCa
FAyFrqzJXD1F05AUxpwzs3kzpsZAVuyzWajK7k798hIbra14NCXTwEVp0Qy18BIrArJIt6
eOoboOzGOEq72ctfcgE0ty6T1lta0gcoOFXJ/q+ZiSJmn+Jkv7SKC3kMtNfXE=

Fingerprint: MD5:9c:ab:2f:37:4c:26:57:b5:31:d4:36:b6:88:07:88:18
switch42885f(config-pubkey-chain)#end
switch42885f#show crypto key pubkey-chain ssh
Username Fingerprint
-------------- ---------------------------------------------------------------
sharan MD5:9c:ab:2f:37:4c:26:57:b5:31:d4:36:b6:88:07:88:18
switch42885f#

in ansible server it was showing same error message

[root@localhost .ssh]# ssh sharan@10.2.200.49
sharan@10.2.200.49: Permission denied (publickey).
[root@localhost .ssh]# ssh-keygen -lf ~/.ssh/id_rsa.pub -E md5
3072 MD5:9c:ab:2f:37:4c:26:57:b5:31:d4:36:b6:88:07:88:18 root@localhost.localdomain (RSA)
[root@localhost .ssh]#

where i was doing wrong help me!

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to ThummalaSharan

‎11-30-2024 04:34 AM

@ThummalaSharan 

 I believe your problem is related to how you are doing this on your linux server. The switch I believe if fine now.

If you added the CBS350 publick key on your SSH directory, give the file permission.

Then use the following ssh syntax

ssh -i ~/.ssh/custom_key_name  sharan@10.2.200.49

 

please, make sure you add the right key name

 

 

0 Helpful

Go to solution
ThummalaSharan
Level 1
Level 1
In response to Flavio Miranda

‎11-30-2024 04:33 AM

i just observed in .ssh/know_hosts rsa key was showing different one.

Preview file
76 KB
0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to ThummalaSharan

‎11-30-2024 04:48 AM

 Got it. I believe your problem is something local on the server. Fixing that. you might be able to connect.

0 Helpful

Go to solution
ThummalaSharan
Level 1
Level 1
In response to Flavio Miranda

‎12-04-2024 07:47 AM

it was issue with Linux server only. now it was connecting with different centos 8 Linux server. thanks for your support

Customers Also Viewed These Support Documents