Ethernet Switches & Routers

Reply
New Contributor
Posts: 2
Registered: ‎06-29-2015
Accepted Solution

SSH ICX7450 with RSA key

Hello,

 

I have a strange issue when trying to setup key authentication on my lab ICX7450 environment. I have generated the key on my ssh server and created a file with the contents of my id_rsa.pub named as pkeys.txt, I then used scp to send it to the test switch. The destination was myuser@switchid:sshPubKey. Now when I am on the switch I can see the key by running,

 

SSH@ICX7450(config)#sh ip client-pub-key
---- BEGIN SSH2 PUBLIC KEY ----
ssh-rsa AAAAB3NzaC1kc3MAAACBAPY8ZOHY2yFSJA6XYC9HRwNHxaehvx5wOJ0rzZdzoSOXxbET W6ToHv8D1UJ/
z+zHo9Fiko5XybZnDIaBDHtblQ+Yp7StxyltHnXF1YLfKD1G4T6JYrdH YI14Om
1eg9e4NnCRleaqoZPF3UGfZia6bXrGTQf3gJq2e7Yisk/gF+1VAAAAFQDb8D5cv
wHWTZDPfX0D2s9Rd7NBvQAAAIEAlN92+Bb7D4KLYk3IwRbXblwXdkPggA4pfdtW9v
GfJ0/RHd+NjB4eo1D+0dix6tXwYGN7PKS5R/FXPNwxHPapcj9uL1Jn2AWQ2dsknf+i/FAA
vioUPkmdMc0zuWoSOEsSNhVDtX3WdvVcGcBq9cetzrtOKWOocJmJ80qadxTRHtUAAACB
AN7CY+KKv1gHpRzFwdQm7HK9bb1LAo2KwaoXnadFgeptNBQeSXG1vO+JsvphVMBJc9HS
n24VYtYtsMu74qXviYjziVucWKjjKEb11juqnF0GDlB3VVmxHLmxnAz643WK42Z7dLM5
sY29ouezv4Xz2PuMch5VGPP+CDqzCM4loWgV== user@sshserver
---- END SSH2 PUBLIC KEY ----

 

What seems strange to me however is when I run,

 

SSH@ICX7450(config)#sh ip ssh config
SSH server : Enabled
SSH port : tcp\22
Host Key : RSA 1024
Encryption : AES-256, AES-192, AES-128, 3-DES
Permit empty password : No
Authentication methods : Public-key, Interactive
Authentication retries : 3
Login timeout (seconds) : 120
Idle timeout (minutes) : 5
Strict management VRF : Disabled
SCP : Enabled
SSH IPv4 clients : All
SSH IPv6 clients : All
SSH IPv4 access-group : 29
SSH IPv6 access-group :
SSH Client Keys :

 

There is no listed client keys, is this value suppose to be blank? Then once I try to connect to the device this is the output with debugging I receive. 

 

ssh -v ICX7450 public-key rsa
OpenSSH_6.0p1 Debian-4+deb7u2, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to ICX7450 [192.168.1.200] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-4096
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-4096
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version RomSShell_4.61
debug1: no match: RomSShell_4.61
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-sha1 none
debug1: kex: client->server aes128-cbc hmac-sha1 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Server host key: RSA 7a36:08:1e:48:4309:d5:64:ad:de:6e:dd:91:60:98
debug1: Host 'ICX7450' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:12
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/user/.ssh/id_dsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).

 

It would seem as thought the key exchange is working however I am unable to get onto the switch. Could anyone shed some light as to what may be going on here?

 

Thank you,

Adam

New Contributor
Posts: 2
Registered: ‎06-29-2015

Re: SSH ICX7450 with RSA key

Hello,

 

It would appear I have resolved my own issue. The issue was with the formating of my pkeys file in the event anyone has this same issue. If the keys are not formatted like this exactly the login will fail.

 

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "username / email"
AAAAB3NzaC1yc2EAAAABIwAAAQEA88pt28yU5jq4KZQ88nKsl2iYMhxatRv742Ak52c8/qIqivw+Drs9/r4ggnjCBrQ8+nycmc3Qe
DsAa7ci3bXUYebYHAuNbOF9QKJst2SquFSGUu5kGGDxNhdiYdVVuqH/DEzXN+CXaLexykSPfe/YpHRhHVK4Zhv1Vbr8pmLTtaOBep
dCUE+s9anqzDHRIfm6b/3XJSLlXx95mi4Yj/0BEM6SYHzsAr0jhlfvbA84HZpzQBrEi7dHrylm6UDtPXSWkZq3Ki+rMED6ZUUjWVL
O0YuVq5NJi9EkgbVSbhK+hr9BndLOpl0jUrjxHT4mtz7p+RTM5Wm3G7AB54LzNhxHWQ==
---- END SSH2 PUBLIC KEY ----

Hope this saves a headache for others.

Regards,
Adam

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.