Mailing List Archive

Tue, Dec 05, 2017 at 10:50:54PM +0000, Remsik,Robert:
> Hello!
>
>
> I've got a couple network devices that support either username/password OR sshkeys, but not both, for management access. Is there a way to have rancid use an ssh key in the .clogit file or another way to
>
>
> I'm trying to setup sshing into network devices via ssh keys (bypassing username/passwords) and I'm not coming up with anything. Is this possible?
>

yes, see cloginrc(5).

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

On 12/5/2017 6:38 PM, heasley wrote:
> Tue, Dec 05, 2017 at 10:50:54PM +0000, Remsik,Robert:
>> Hello!
>>
>>
>> I've got a couple network devices that support either username/password OR sshkeys, but not both, for management access. Is there a way to have rancid use an ssh key in the .clogit file or another way to
>>
>>
>> I'm trying to setup sshing into network devices via ssh keys (bypassing username/passwords) and I'm not coming up with anything. Is this possible?
>>
>
> yes, see cloginrc(5).

We prefer keys so at the very bottom of my .cloginrc I have:

# these are the broadest defaults at the bottom. These are used if
# nothing matches above.
#
# In theory, we use ssh key wherever we can and it just gets us in.
# ./bin/clogin will barf if you don't provide a value for the password
# field
add user * {rancid}
add password * {not-a-real-password}
add method * {ssh}
add autoenable * {1}
add identity * {/usr/local/rancid3/.ssh/id_rsa}


>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>

That was the trick. Thank you very much. :D







Robert Remsik

Telecom

Desk Phone: 970 491 7120

Robert.Remsik@colostate.edu


________________________________
From: Rancid-discuss <rancid-discuss-bounces@shrubbery.net> on behalf of Eric W. Bates <ericx@whoi.edu>
Sent: Tuesday, December 5, 2017 4:45 PM
To: rancid-discuss@shrubbery.net
Subject: Re: [rancid] Logging in with ssh keys vs username passwords

On 12/5/2017 6:38 PM, heasley wrote:
> Tue, Dec 05, 2017 at 10:50:54PM +0000, Remsik,Robert:
>> Hello!
>>
>>
>> I've got a couple network devices that support either username/password OR sshkeys, but not both, for management access. Is there a way to have rancid use an ssh key in the .clogit file or another way to
>>
>>
>> I'm trying to setup sshing into network devices via ssh keys (bypassing username/passwords) and I'm not coming up with anything. Is this possible?
>>
>
> yes, see cloginrc(5).

We prefer keys so at the very bottom of my .cloginrc I have:

# these are the broadest defaults at the bottom. These are used if
# nothing matches above.
#
# In theory, we use ssh key wherever we can and it just gets us in.
# ./bin/clogin will barf if you don't provide a value for the password
# field
add user * {rancid}
add password * {not-a-real-password}
add method * {ssh}
add autoenable * {1}
add identity * {/usr/local/rancid3/.ssh/id_rsa}


>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>