Upstream
/
lab-docu
mirror of https://github.com/Fohdeesha/lab-docu.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Compare commits

base: Upstream:46a3d8df4f31a947803c0796338c27874fdd1f9d
Branches Tags
Upstream:master
...
compare: Upstream:466da9a2ec327cd362827e57ed66cddb31587337
Branches Tags
Upstream:master

4 Commits
46a3d8df4f ... 466da9a2ec

Author SHA1 Message Date
Jon Sands 466da9a2ec update header 2023-10-31 05:18:34 -04:00
Jon Sands b4737a7a5d minor ICX6xxx SSH deets grammar update 2023-10-31 05:16:06 -04:00
Jon Sands 694bb4d5db
Merge pull request #40 from markovanderpuil/patch-1 
Add some ssh specifics to icx6xxx-adv.md
 2023-10-31 05:11:21 -04:00
markovanderpuil fcfdafda56
Update icx6xxx-adv.md 
Added stuff about BEGIN SSH2 PUBLIC KEY
Added stuff about .ssh/config options
 2023-09-10 16:43:01 +02:00
2 changed files with 21 additions and 1 deletions
Show Stats Expand all files Collapse all files

20
docs/icx6xxx-adv.md
View File

@ -121,12 +121,32 @@ ip ssh interactive-authentication no
Now we have to generate our key pair with [puttygen](https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html) on windows or ```ssh-keygen -t rsa``` on linux. The default settings of RSA @ 2048 bits works without issue. Generate the pair and save out both the public and private key.
>The ICX6xxx series do *not* support 4096 bit keys - when using `ssh-keygen` or `puttygen` etc, you must create 2048 bit keys.
For the switch to accept your public key file it should start with:
```
---- BEGIN SSH2 PUBLIC KEY ----
```
and end with:
```
---- END SSH2 PUBLIC KEY ----
```
Add those manually if it doesn't.
Copy the public key file to your TFTP server. Then use the following command to import it into your switch:
```
ip ssh pub-key-file tftp 192.168.1.8 public.key
```
You shouldn't need to be told basic key management if you're following this section, but just in case - copy your private key to the proper location on the *nix machine you'll be SSH'ing from, or if you're on windows, load it using [pageant](https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html). Now when you SSH to the switch, it will authenticate using your private key.
On linux and macOS you'll want to add these lines to your ```~\.ssh\config``` file. IdentitiesOnly is to prevent ssh-agent from offering any other bigger (> 2048) keys first that will terminate the connection negotiation early. IdentityFile will use only this key for this connection. KexAlgorithms sets a key exchange algorithm that the older ICX6xxx series accepts:
```
Host <switch-ip>
IdentitiesOnly yes
IdentityFile ~/.ssh/private_key
KexAlgorithms +diffie-hellman-group1-sha1
```
## Name & Ditching The Serial Cable
Now that you have access and authentication configured, it only makes sense to christen it with a name of your choice:
```

2
overrides/main.html
View File

@ -2,7 +2,7 @@
{% block announce %}
<center>
<a href="https://github.com/Fohdeesha/lab-docu/commits/master" target="_blank">Docu Version: v4.8 (09-28-2023)</a>
<a href="https://github.com/Fohdeesha/lab-docu/commits/master" target="_blank">Docu Version: v4.9 (10-31-2023)</a>
-
<a href="https://github.com/Fohdeesha/lab-docu" target="_blank">Sources, Suggest, Contribute</a>
-