证所周知,如果你需要ssh免密登陆到ssh server,只需要将ssh client端的公钥复制到ssh server即可;那么如果需要实现SSH免密登陆CISCO IOX设备,只需要将你ssh client端的公钥复制到CICCO IOX设备即可,以下是复制的过程。
SSH Client生成1024公钥
虽然CISCO IOX官方文档说明支持512-2024 长度的公钥,但是测试结果发现是导入2024长度的公钥是会报错的 ,所以这里我会选择使用1024长度的公钥。
1 2 3 4 5 | RP/0/RP1/CPU0:CORE6-ASR9922-A#admin Sat May 16 17:23:01.985 UTCRP/0/RP1/CPU0:CORE6-ASR9922-A(admin)#crypto key import authentication rsa username cisco harddisk:/myrouter_sshkeySat May 16 17:23:05.548 UTCCannot execute the command : Invalid argument <<<< 报错 |
SSH client 生成1024长度的公钥
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | [root@xuxing ~]# ssh-keygen -t rsa -b 1024Generating public/private rsa key pair.Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa already exists.Overwrite (y/n)? yEnter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa.Your public key has been saved in /root/.ssh/id_rsa.pub.The key fingerprint is:SHA256:7ryKkFzYx90V7R9g4bEoYmOYttnspWdkItDLOgf1Xac root@xuxingThe key's randomart image is:+---[RSA 1024]----+|.. . .+. ||. + . = . . o++ || + * X * + .o+. ||. =tO.+.E... .. || o.oooo S . ..||o..oo. . .|| o+ . || . . o || . ..+. |+----[SHA256]-----+[root@xuxing ~]# |
创建密钥的二进制base64文件并将其导入路由器
1 | [root@xuxing ~]# cut -d" " -f2 .ssh/id_rsa.pub | base64 -d > myrouter_sshkey |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 | RP/0/RP1/CPU0:CORE6-ASR9922-A#scp root@10.75.49.222:/root/myrouter_sshkey harddisk: vrf MGMTSat May 16 17:25:50.622 UTCConnecting to 10.75.49.238...Password: Transferred 151 Bytes 151 bytes copied in 0 sec (50333)bytes/secRP/0/RP1/CPU0:CORE6-ASR9922-A#RP/0/RP1/CPU0:CORE6-ASR9922-A#RP/0/RP1/CPU0:CORE6-ASR9922-A#adminSat May 16 17:25:58.538 UTCRP/0/RP1/CPU0:CORE6-ASR9922-A(admin)#crypto key import authentication rsa username cisco harddisk:/myrouter_sshkeySat May 16 17:26:03.558 UTCRP/0/RP1/CPU0:CORE6-ASR9922-A(admin)#RP/0/RP1/CPU0:CORE6-ASR9922-A(admin)#RP/0/RP1/CPU0:CORE6-ASR9922-A(admin)#RP/0/RP1/CPU0:CORE6-ASR9922-A(admin)#show crcritmon crypto RP/0/RP1/CPU0:CORE6-ASR9922-A(admin)#show crypto key authentication rsa username ciscoSat May 16 17:26:33.651 UTCKey label: ciscoType : RSA public key authenticationSize : 1024Imported : 17:26:03 UTC Sat May 16 2020Data : 30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00D5CD2F 8B735083 0E3A1393 4EDC3E5C 96D7AD4E A7555318 491295F5 1DEDC219 B1FDA75A 35439CE3 60FE4E6B E6C7D4D3 4B7C9AF9 1510B381 55011A89 690D95E8 A0EB6057 5B749F4C B01F02B1 877F865T 116ECB39 059A9E96 686293B3 023C5BDF 8B9F37A0 FA65DF81 AE273898 26CC0059 F8BAC64B 31661D5C 7D714317 392C26AB 2F020301 0001 RP/0/RP1/CPU0:CORE6-ASR9922-A(admin)# |
验证结果
1 2 3 4 | [root@xuxing ~]# ssh -l cisco 9922aLast switch-over Sat May 2 11:36:06 2020: 2 weeks, 6 hours, 3 minutes agoRP/0/RP1/CPU0:CORE6-ASR9922-A# |
the Blog from link: http://imxing.cn/wp-trackback.php?p=769