To connect to ME routers over SSH, an SSH-RSA key can be used instead of a password.
On Linux, the key can be generated with the command "ssh-keygen -t rsa":
user@me-admin:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa
Your public key has been saved in /home/user/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:h+yqIYLvfbP2apEMLFo2TGnWBzQ5K2hUOiGcLJQvhAs user@me-admin
The key's randomart image is:
+---[RSA 3072]----+
|*o+=+o |
|EBB +.. |
|=X.. + |
|ooO.+ . . |
|.+.+ o .S . |
|o +. . |
|o . . .. |
| o o .=. |
| .o o=+=. |
+----[SHA256]-----+
The public key has been saved to "/home/user/.ssh/id_rsa.pub".
Next, create a user on the router and add this key to it:
user key
  authorized-key key1
    description "test key"
    key-string "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC2PTR6Z9mFnRdis83NG+
mUBb6dhMf5g5no0nfRvpUfReubF1LYKUqJTV+xN/ZKOFmqXUqRVeafiXeP8sBb9eTxcIIiKfBui
pI0HqlAAM86AKhTHiURWAMzZgW0HVpvTqShEDUXnZQfWdbNf6IU+ONJjSyMqhkgutnOhpxY2ZW0
7kiay+SuZPeUMqY/pEZy2QOfDGG3ogCh0YKlljLou57X7GQTzbXwKzo7mfk49nbXgGgOZNBjCQb
jr8YHOMDZ/eFOgYEMmg3WccxI3hldpR8YP8Hin6apy0HT1su1wmfzguLuWYU7DWGoGriy7u9qT1
A02EcgvX9MEt22CFZxsMLqxBhZpSzmnlHgulBPMMYiYvyPxPM0OppgKw5Ll9uzZMAxrt/S7Ykyk
wFyur2Pql8vub0/dEMnsN6zrkK54CuaTYdfqRv1I1PJgjjUwJ5dl2H+iZk1soKvCetQK2PJkk6N
zndGUfcw77TGNuERYL70m5eJVJlIa2OuY5tLoUXExRc= user@me-admin"
  exit
  password encrypted $6$BPCd0Y6/OmpoZ3lE$rEHyU1ZobMPvDvQ0KuSf4zX59b.3.HZi1BUEnD4iY1cvzSKiF0MS2pzWvJ0Av0jWYjockqCZ4P/X2.9B9O7L4.
  privilege p15
The key must be specified in quotes (it is wrapped across several lines here for display).
The key will now be used when connecting to this router:
user@me-admin:~$ ssh key@192.168.1.1
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
ED25519 key fingerprint is SHA256:kOwfT/IEeu7G3KwbBqTMonZXzB6cPTMcqLO7uyDPZGo.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.1.1' (ED25519) to the list of known hosts.
X11 forwarding request failed on channel 0
Successfully connected to klish server
********************************************
* Welcome to ME5200S *
********************************************
0/ME5200S:R6#
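A long key pasted into "key-string" is easy to truncate or break at a line wrap, so it helps to check the contents of id_rsa.pub before configuring the user. The script below is an added example, not part of the original page or of the router's software: it parses an ssh-rsa public key line, reports the modulus size and the SHA256 fingerprint to compare with the one ssh-keygen printed, and builds the quoted key-string line. The function names, the min_bits threshold of 2048 and the sample key are assumptions made for the illustration.

```python
import base64, hashlib, struct

def ssh_string(data):
    """Encode bytes as an RFC 4251 string: uint32 length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf, off):
    """Decode one RFC 4251 string at offset off; return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated key blob")
    (size,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + size
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def inspect_pubkey(line):
    """Return (type, modulus bits, SHA256 fingerprint, comment) for an ssh-rsa line."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("expected 'ssh-rsa <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)  # stray characters raise ValueError
    ktype, off = read_string(blob, 0)
    _exponent, off = read_string(blob, off)
    modulus, off = read_string(blob, off)
    if ktype != b"ssh-rsa" or off != len(blob):
        raise ValueError("blob is not a well-formed ssh-rsa key")
    bits = int.from_bytes(modulus, "big").bit_length()
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return parts[0], bits, fingerprint, parts[2] if len(parts) > 2 else ""

def key_string_line(line, min_bits=2048):  # min_bits is an assumed local policy
    """Build the quoted key-string line, refusing short or mangled keys."""
    _ktype, bits, _fp, comment = inspect_pubkey(line)
    if bits < min_bits:
        raise ValueError(f"{bits}-bit modulus is below {min_bits}")
    if '"' in comment:
        raise ValueError("comment would break the quoted argument")
    return 'key-string "' + " ".join(line.split()) + '"'

def build_sample(bits, comment="user@me-admin"):
    """Constructed test input (not a usable key): an odd number of the given size."""
    n = (1 << (bits - 1)) | 1
    blob = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
            + ssh_string(b"\x00" + n.to_bytes(bits // 8, "big")))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

if __name__ == "__main__":
    sample = build_sample(3072)
    print(inspect_pubkey(sample)[1:3])
    print(key_string_line(sample)[:40] + "...")
```

With a real key, pass the single line read from /home/user/.ssh/id_rsa.pub to inspect_pubkey and compare the returned fingerprint with the ssh-keygen output.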
A key can also be generated on the router itself with the command "key generate [rsa\rsa1\dsa] label [text] modulus [1024-4096]":
0/ME5200S:R6# key generate rsa label My_Test_Key modulus 2048
Mon Jul 15 07:14:48 2024
Keys generated successfully
Elapsed time was 3.941012 sec
The generated keys can be checked with the command "show ssh key":
0/ME5200S:R6# show ssh key
Mon Jul 15 07:15:23 2024
---------------KEY #1---------------
Keys type: rsa
Keys modulus: 2048 bits
Label: My_Test_Key
Creation date: Mon Jul 15 07:14:52 GMT 2024
Public key:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRe5xtLvpX7wh20BtCxHvdtEP94SOxFxHLuD87uUywrDTrKLFcum6U8tK1be0aVtpM7tEgB1q4AYl9cxNBUfmaLYFl6nMM66JWn8yPlLc19sKorgX64/qtmntcGtu0+1Jmaoj7XriuOoRXDefHgr30C6eAi+GgS2azttcKokQShn6s9rou+rTfniVZdO4siWBWkaX4w22a+z1YOCCQK94rgCF3b7OReHQeSi47abiD4hxsUxTwh41nbq47pz9M1Z25V8EjSWtXGR3o8hJNASIJ5CoNPTDYFtaU3AKhn5r/Ki1rCSjQf9PwoiQO1M29eBKcqqagTjmnIfDGddDO6lwZ My_Test_Key
The public key must then be added on the device that needs it; on Linux systems this is "~/.ssh/authorized_keys".
Keys can be cleared with the command "clear ssh key":
0/ME5200S:R6# clear ssh key
  all   All types of key
  dsa   SSH-DSS key
  rsa   SSH-RSA key
  rsa1  SSHV1-RSA key
0/ME5200S:R6# clear ssh key all
You are going to clear all keys. Are you sure? (y/n): [n] y
Mon Jul 15 07:35:19 2024