10-29-2019 12:18 AM
Hi,
I use several nexus 5672 with nx-os 7.3(3)N1(1) on which I want to automatically copy some show outputs to a ssh server.
For suppressing manual password input to the ssh server I configured passwordless file copy as documented here:
That means generating ssh rsa keys for a new user, installing the public key on the ssh server, and then trying to copy from the nexus to the ssh server with the following command:
sh xyz>scp://username@serverip/datapath/filename vrf default
Unfortunately I still get the password prompt.
I copied the private and public key to an pc where I successfully could connect to the ssh server without password prompt.
Does anybody know this issue and how to solve it?
Or is this feature not supported on nexus 5K?
Many thanks in advance
Thorsten
10-29-2019 12:27 AM
- Check the SSH server's logs for this particular attempt. This may indicate if the source public/private key=pair is actually being involved in the connection (auth-attempt) or not.
M.
10-30-2019 05:57 AM
10-31-2019 02:30 AM
- For the moment I can't find any anomalies ; try increasing the logging level by editing the sshd configuration file : 1) vi
/etc/ssh/sshd_config
Find LogLevel directive and set it to DEBUG3; stop and re-start sshd, then try again and post the output.
M.
10-31-2019 03:19 AM
loglevel was already set to debug3.
If I copy keypair from switch to pc and use winscp to login to ssh-server that works fine with the keypair, I'm not prompted to type in a password.
10-31-2019 05:50 AM
- It does indeed mean that the 5000 currently does not use the key-pair authentication, because if it would the keys would also be listed in the logs (for that debug-level) which they are not. There are a number of possibilities 1) You configured something wrong 2) The 5000 does not support it 3) Is related to item 2 : check current software version being used, if applicable try later or recent version for the platform. Check if this helps.
M.
11-08-2019 05:35 AM
updated today to 7.3(5)N1(1).
Still does not work.
I assume that it's maybe not supported on this platform
Found two more discussions without solution (for N3K/9K):
So maybe it's a common problem.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide