cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1190
Views
0
Helpful
6
Replies

passwordless ssh file copy does not work on nexus 5000 / 5600

Hi,

I use several nexus 5672 with nx-os 7.3(3)N1(1) on which I want to automatically copy some show outputs to a ssh server.

For suppressing manual password input to the ssh server I configured passwordless file copy as documented here:

That means generating ssh rsa keys for a new user, installing the public key on the ssh server, and then trying to copy from the nexus to the ssh server with the following command:

sh xyz>scp://username@serverip/datapath/filename vrf default

Unfortunately I still get the password prompt.

 

I copied the private and public key to an pc where I successfully could connect to the ssh server without password prompt.

 

Does anybody know this issue and how to solve it?

Or is this feature not supported on nexus 5K?

 

Many thanks in advance

Thorsten

6 Replies 6

marce1000
VIP
VIP

 

 - Check the SSH server's logs for this particular attempt. This may indicate if the source public/private key=pair is actually being  involved  in the connection (auth-attempt)  or not.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

SSH Server log is attached, to be honest, I can not read it in detail.

 

Switch (Client) is 10.10.10.100

Server is 10.20.20.100

ssh username is 'test user'

 

I found the following line:

userauth_finish: failure partial=0 next methods="publickey,password" [preauth]

 

 

 

 - For the moment I can't find any anomalies ; try increasing the logging level by editing the sshd configuration file : 1) vi 

/etc/ssh/sshd_config

 Find LogLevel directive and set it to DEBUG3; stop and re-start sshd, then try again and post the output.

 M. 



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

loglevel was already set to debug3.

If I copy keypair from switch to pc and use winscp to login to ssh-server that works fine with the keypair, I'm not prompted to type in a password.

 

 - It does indeed mean that the 5000 currently does not use the key-pair authentication, because if it would the keys would also be listed in the logs (for that debug-level) which they are not. There are a number of possibilities 1) You configured something wrong 2) The 5000 does not support it 3) Is related to item 2 : check current software version being used, if applicable  try later or recent version for the  platform. Check if this helps.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

updated today to 7.3(5)N1(1).

Still does not work.

I assume that it's maybe not supported on this platform

 

Found two more discussions without solution (for N3K/9K):

 

So maybe it's a common problem.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: