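As is well known, to log in to an SSH server without a password you only need to copy the SSH client's public key to the SSH server. Likewise, to log in to a CISCO IOX device over SSH without a password, you only need to copy the SSH client's public key to the CISCO IOX device. The copy procedure is shown below.
Generate a 1024-bit public key on the SSH client
Although the official CISCO IOX documentation says it supports public keys of length 512-2024, my testing found that importing a public key of length 2024 reports an error, so here I choose to use a public key of length 1024.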
RP/0/RP1/CPU0:CORE6-ASR9922-A#admin
Sat May 16 17:23:01.985 UTC
RP/0/RP1/CPU0:CORE6-ASR9922-A(admin)#crypto key import authentication rsa username cisco harddisk:/myrouter_sshkey
Sat May 16 17:23:05.548 UTC
Cannot execute the command : Invalid argument <<<< error
Generate a public key of length 1024 on the SSH client:
[root@xuxing ~]# ssh-keygen -t rsa -b 1024
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:7ryKkFzYx90V7R9g4bEoYmOYttnspWdkItDLOgf1Xac root@xuxing
The key's randomart image is:
+---[RSA 1024]----+
|.. . .+. |
|. + . = . . o++ |
| + * X * + .o+. |
|. =tO.+.E... .. |
| o.oooo S . ..|
|o..oo. . .|
| o+ . |
| . . o |
| . ..+. |
+----[SHA256]-----+
[root@xuxing ~]#
Create a binary file from the base64-encoded key and import it into the router
[root@xuxing ~]# cut -d" " -f2 .ssh/id_rsa.pub | base64 -d > myrouter_sshkey
RP/0/RP1/CPU0:CORE6-ASR9922-A#scp [email protected]:/root/myrouter_sshkey harddisk: vrf MGMT
Sat May 16 17:25:50.622 UTC
Connecting to 10.75.49.238...
Password:
Transferred 151 Bytes
151 bytes copied in 0 sec (50333)bytes/sec
RP/0/RP1/CPU0:CORE6-ASR9922-A#
RP/0/RP1/CPU0:CORE6-ASR9922-A#
RP/0/RP1/CPU0:CORE6-ASR9922-A#admin
Sat May 16 17:25:58.538 UTC
RP/0/RP1/CPU0:CORE6-ASR9922-A(admin)#crypto key import authentication rsa username cisco harddisk:/myrouter_sshkey
Sat May 16 17:26:03.558 UTC
RP/0/RP1/CPU0:CORE6-ASR9922-A(admin)#
RP/0/RP1/CPU0:CORE6-ASR9922-A(admin)#
RP/0/RP1/CPU0:CORE6-ASR9922-A(admin)#
RP/0/RP1/CPU0:CORE6-ASR9922-A(admin)#show cr
critmon crypto
RP/0/RP1/CPU0:CORE6-ASR9922-A(admin)#show crypto key authentication rsa username cisco
Sat May 16 17:26:33.651 UTC
Key label: cisco
Type : RSA public key authentication
Size : 1024
Imported : 17:26:03 UTC Sat May 16 2020
Data :
30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00D5CD2F
8B735083 0E3A1393 4EDC3E5C 96D7AD4E A7555318 491295F5 1DEDC219 B1FDA75A
35439CE3 60FE4E6B E6C7D4D3 4B7C9AF9 1510B381 55011A89 690D95E8 A0EB6057
5B749F4C B01F02B1 877F865T 116ECB39 059A9E96 686293B3 023C5BDF 8B9F37A0
FA65DF81 AE273898 26CC0059 F8BAC64B 31661D5C 7D714317 392C26AB 2F020301
0001
RP/0/RP1/CPU0:CORE6-ASR9922-A(admin)#
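The file produced by `cut ... | base64 -d` is the SSH wire-format key blob (the string "ssh-rsa", then the exponent, then the modulus), which is why a 1024-bit key transfers as exactly 151 bytes. The following added example, which is not part of the original post, parses a public key line and reports the modulus size and blob size so both can be checked before the import; the sample keys are constructed placeholders (not real RSA moduli) and all function names are hypothetical.

```python
import base64
import struct

def read_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + n > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[off:off + n])
        off += n
    return fields

def inspect_pubkey_line(line):
    """Return (modulus bits, blob size in bytes) for one id_rsa.pub line."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(parts[1], validate=True)
    fields = read_fields(blob)
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("blob is not an ssh-rsa key")
    modulus = int.from_bytes(fields[2], "big")
    return modulus.bit_length(), len(blob)

def mpint(value):
    # SSH mpint: big-endian, with a leading zero byte when the top bit is set.
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def constructed_line(bits):
    # Constructed sample input: a number of the right bit length, NOT a real key.
    n = (1 << (bits - 1)) | 1
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    for bits in (1024, 2048):
        print(bits, inspect_pubkey_line(constructed_line(bits)))
```

To check a real key, pass the contents of `~/.ssh/id_rsa.pub` to `inspect_pubkey_line`. 1024-bit RSA is below the 2048-bit minimum in current guidance such as NIST SP 800-57, so it is worth re-testing larger keys whenever the device software changes.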
Verify the result
[root@xuxing ~]# ssh -l cisco 9922a
Last switch-over Sat May 2 11:36:06 2020: 2 weeks, 6 hours, 3 minutes ago
RP/0/RP1/CPU0:CORE6-ASR9922-A#