DSA key login and command execution via SSH on RouterOS
Since RouterOS 2.9.13, SSH DSA keys and command execution over an SSH connection are supported.
This lets admins run commands and scripts on a RouterOS device from a remote machine without interactively entering a password (public/private key authentication).
To use this facility, only three configuration steps are necessary.
The first step is to create a key using ssh-keygen.
To log in to the remote machine without being prompted for the key passphrase, it is possible to:
1. Leave the passphrase blank during creation.
2. Use the OpenSSL toolkit to remove the passphrase.
3. Use a local SSH agent to manage key authentication & forwarding (RECOMMENDED)
The second step is to upload the id_dsa.pub key (public key) to the RouterOS device via FTP.
The third and last step is to import the key in the RouterOS terminal (also possible using the Winbox client).
The user field determines which user account will be authenticated when using that key.
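The three steps above with the recommended ssh-agent option, as an added example that is not from the original post. It assumes an OpenSSH client that still accepts DSA keys, curl as the FTP client, and a placeholder router address and account; `pubkey_ok` and `provision` are hypothetical helper names, and the `file=` import parameter is an assumption for older RouterOS releases.

```shell
#!/bin/sh
# Added example, not from the original post. KEY, the router address and the
# account name are placeholders.
KEY="${KEY:-$HOME/.ssh/id_dsa}"

# Return 0 only if FILE is a one-line OpenSSH DSA *public* key.
# FTP is cleartext, so the private half must never be the file that is sent.
pubkey_ok() {
    f="$1"
    [ -f "$f" ] || return 1
    # A private-key header means the wrong file was picked.
    if grep -q 'PRIVATE KEY' "$f"; then return 1; fi
    # Exactly one non-empty line, starting with the DSA key type.
    [ "$(grep -c . "$f")" -eq 1 ] || return 1
    grep -Eq '^ssh-dss [A-Za-z0-9+/]+=*( .*)?$' "$f"
}

provision() {
    router="$1"; user="${2:-admin}"
    # Step 1: create the key with a passphrase and let ssh-agent hold the
    # unlocked key (option 3 above) instead of leaving the passphrase blank.
    [ -f "$KEY" ] || ssh-keygen -t dsa -f "$KEY" || return 1
    [ -n "${SSH_AUTH_SOCK:-}" ] || eval "$(ssh-agent -s)"
    ssh-add "$KEY" || return 1
    # Step 2: upload the public key over FTP; curl prompts for the password.
    pubkey_ok "$KEY.pub" || { echo "refusing to upload $KEY.pub" >&2; return 1; }
    curl -T "$KEY.pub" --user "$user" "ftp://$router/" || return 1
    # Step 3: import it for $user (password login, the key is not trusted yet).
    # Assumption: parameter is file= on older releases, public-key-file= on newer.
    ssh "$user@$router" "/user ssh-keys import file=$(basename "$KEY.pub") user=$user" || return 1
    # From here on the agent-held key authenticates without a prompt.
    ssh "$user@$router" "/system resource print"
}

# Usage: sh provision.sh <router-address> [user]
if [ "$#" -ge 1 ]; then provision "$@"; fi
```

Run without arguments, the script only defines the functions, so `pubkey_ok` can be sourced and reused as a pre-upload check on its own.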
Authenticating with the public/private key drastically simplifies sending commands to devices, for example on my old RB500 used in the lab:
The immediate reply will be: