Posted on September 1, 2020 7:56 am
 |  Asked by Waleed Alsaeed
 |  58 views
RESOLVED
0
0
Print Friendly, PDF & Email

Hi,

I want to add two ssh keys for one user, so I added two keys user using the CLI, however, it seems only the first key is only what is accepted to login without password.

Here’s an example: username admin ssh-key ssh-rsa [KEY-1] ssh-rsa [KEY-2].

Is this supported?

 

Thanks in advance..

 

Waleed

 

2
Answered on September 1, 2020 8:24 am

Hi Waleed,

Thanks for reaching out.

Currently, Multiple SSH keys per user are not supported within EOS CLI.

However there is a workaround to accomplish this:

We can do this by manually modifying the ~.ssh/authorized_keys file from the bash shell and pasting all the public keys there because this is not reflected in the running config. The file will not survive software upgrades/reboots, however, we can make a backup of the authorized_keys file (for example on /mnt/flash) and configure an event handler to copy the authorized_keys file after the switch boots up.

For Example:

1. I have added the user bhavana and a single ssh key via EOS CLI
conf
username bhavana privilege 15 role network-admin secret sha512 vz5uNRHncbe3FBf.T7z8hWG6Yz3iKjcALcAHng.OvxlEgj3LDBrqjxwm6WXi/Oi1
username bhavana sshkey ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArZLVF21YJ1qEYvvL
end

2. I then wanted to add a second key so I logged in as bhavana enter bash mode then changed directories to .ssh .Once entered the .ssh directory I have issued vi  authorized_keys file and added the new key.
#bash
$ pwd
/home/bhavana
$ cd .ssh
$ vi authorized_keys
esc G$ to go to the end of the file
esc A then enter to get to the next empty line
copy and paste the new sshkey
:wq! to save the file

3. Copy the authorized_keys file to flash so it will survive a reboot
$ cp authorized_keys /mnt/flash/bhavana_authorized_keys

4. Create an event-handler so upon reboot the switch will copy the file from the flash to users .ssh directory
conf
event-handler sshkeys
trigger on-boot
action bash cat /mnt/flash/bhavana_authorized_keys > /home/bhavana/.ssh/authorized_keys
end

Thanks,

Bhavana.

0
Posted by Waleed Alsaeed
Answered on September 2, 2020 5:23 am

Thanks Bhavana, I was able to add the keys in the authorized_keys file and it works fine..

 

Thanks again..

Waleed

Post your Answer

You must be logged in to post an answer.