From dbc6fb207872774930732ee6b0241b480024f2d2 Mon Sep 17 00:00:00 2001 From: Derek Date: Wed, 13 Dec 2023 00:14:43 -0500 Subject: [PATCH] Update icx6xxx-adv.md ssh config I've seen a couple questions, one on the STH thread and one on Reddit, where SSH is failing due to the lack of "ssh-rsa" options. These changes to the documentation should help future beefers. --- docs/icx6xxx-adv.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/icx6xxx-adv.md b/docs/icx6xxx-adv.md index 7fdd44e..70f8f5d 100644 --- a/docs/icx6xxx-adv.md +++ b/docs/icx6xxx-adv.md @@ -137,13 +137,17 @@ ip ssh pub-key-file tftp 192.168.1.8 public.key ``` You shouldn't need to be told basic key management if you're following this section, but just in case - copy your private key to the proper location on the *nix machine you'll be SSH'ing from, or if you're on windows, load it using [pageant](https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html). Now when you SSH to the switch, it will authenticate using your private key. -On linux and macOS you'll want to add these lines to your ```~\.ssh\config``` file. IdentitiesOnly is to prevent ssh-agent from offering any other bigger (> 2048) keys first that will terminate the connection negotiation early. IdentityFile will use only this key for this connection. KexAlgorithms sets a key exchange algorithm that the older ICX6xxx series accepts: +On linux and macOS you'll want to add these lines to your ```~\.ssh\config``` file. IdentitiesOnly is to prevent ssh-agent from offering any other bigger (> 2048) keys first that will terminate the connection negotiation early. IdentityFile will use only this key for this connection. KexAlgorithms sets a key exchange algorithm that the older ICX6xxx series accepts. The PubkeyAcceptedKeyTypes must be set as the algorithm is off by default more frequently, along with the HostKeyAlgorithm, to match what the ICX6xxx can offer: ``` Host + User root IdentitiesOnly yes IdentityFile ~/.ssh/private_key KexAlgorithms +diffie-hellman-group1-sha1 + PubkeyAcceptedKeyTypes=+ssh-rsa + HostKeyAlgorithms=+ssh-rsa + PreferredAuthentications publickey ```