Friday, September 15, 2023

Authenticate and Log In to a Palo Alto Firewall Using Public Key Authentication with a Key Generated on Linux or Mac







In this post we are going to talk about how to log in to the firewall using a public key generated on your Linux machine (network jump box). This is useful when you want to push scripts to the firewall without authenticating with a username and a password. Let's go:


1. Generate the key

samer@Samers-MacBook-Pro ~ % ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/samer/.ssh/id_rsa):
/Users/samer/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): press enter
Enter same passphrase again: press enter
Your identification has been saved in /Users/samer/.ssh/id_rsa
Your public key has been saved in /Users/samer/.ssh/id_rsa.pub


Here you have created the key pair on your machine. You can check it with the command $ ls ~/.ssh/, which lists the generated keys in your hidden ssh directory.

samer@Samers-MacBook-Pro ~ % ls ~/.ssh
id_ed25519 id_ed25519.pub id_rsa id_rsa.pub known_hosts

Now you need to copy the public key to the server, firewall, or router you want to access. You can do this using:

1. SCP, or....

2. importing it on the firewall using the GUI.



Press OK, then Commit.

Now you can check access. As you can see in the image below, the user we used to access the firewall was api. If you don't specify a user, the terminal uses your local username, which in this case is "samer", and authentication will fail; so we use the same user "api", and no password is prompted:
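Before importing the .pub file into the firewall, it is worth checking that the line is well formed and recording its fingerprint, so you can compare it with `ssh-keygen -lf ~/.ssh/id_rsa.pub` on the jump box and with whatever the device reports. The following is an added example, not code from the original post; the key it parses is a constructed all-zero Ed25519 key used only to exercise the parser, and the comment `api@jumpbox` is an assumed value.

```python
import base64
import hashlib
import struct


def _wire_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data


# Constructed sample (NOT a real key): a 32-byte all-zero Ed25519 public key
# wrapped in the OpenSSH wire format, as found in ~/.ssh/id_ed25519.pub.
SAMPLE_PUBKEY_LINE = "ssh-ed25519 " + base64.b64encode(
    _wire_string(b"ssh-ed25519") + _wire_string(bytes(32))
).decode() + " api@jumpbox"


def parse_pubkey_line(line: str) -> dict:
    """Parse one line of an OpenSSH id_*.pub file and sanity-check it.

    Returns the key type, comment, raw blob and the SHA256 fingerprint in the
    same form that `ssh-keygen -lf` prints, so the key about to be imported
    into the firewall can be compared with the key on disk.
    """
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    key_type, blob_b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except Exception as exc:
        raise ValueError(f"key blob is not valid base64: {exc}") from exc
    # The first wire string inside the blob repeats the key type; a mismatch
    # means the line was edited or pasted incorrectly and will be rejected.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (type_len,) = struct.unpack(">I", blob[:4])
    embedded_type = blob[4:4 + type_len]
    if embedded_type != key_type.encode():
        raise ValueError(f"prefix {key_type!r} != embedded type {embedded_type!r}")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"type": key_type, "comment": comment, "blob": blob, "fingerprint": fingerprint}


def is_valid_pubkey_line(line: str) -> bool:
    """True when the line parses cleanly, False when it would be rejected."""
    try:
        parse_pubkey_line(line)
        return True
    except ValueError:
        return False
```

Run `parse_pubkey_line(open("~/.ssh/id_rsa.pub").read())` on your own key file to get the fingerprint to compare.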



So the main idea here is that network automation is important, and it is recommended to use a Linux machine as a jump box for the scripts and code that do your automation and programming tasks.

It is therefore better to use the generated SSH keys to log in to devices; this makes running automated tasks easier and does not require entering a username and password (for example, no need to input a password for netmiko while running a Python script).

Running cron tasks also becomes easier, while access remains secure.


hope this was helpful.




