I want to add two ssh keys for one user, so I added two keys user using the CLI, however, it seems only the first key is only what is accepted to login without password.
Here’s an example: username admin ssh-key ssh-rsa [KEY-1] ssh-rsa [KEY-2].
Currently, Multiple SSH keys per user are not supported within EOS CLI.
However there is a workaround to accomplish this:
We can do this by manually modifying the ~.ssh/authorized_keys file from the bash shell and pasting all the public keys there because this is not reflected in the running config. The file will not survive software upgrades/reboots, however, we can make a backup of the authorized_keys file (for example on /mnt/flash) and configure an event handler to copy the authorized_keys file after the switch boots up.
For Example:
1. I have added the user bhavana and a single ssh key via EOS CLI
conf
username bhavana privilege 15 role network-admin secret sha512 vz5uNRHncbe3FBf.T7z8hWG6Yz3iKjcALcAHng.OvxlEgj3LDBrqjxwm6WXi/Oi1
username bhavana sshkey ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArZLVF21YJ1qEYvvL
end
2. I then wanted to add a second key so I logged in as bhavana enter bash mode then changed directories to .ssh .Once entered the .ssh directory I have issued vi authorized_keys file and added the new key.
#bash
$ pwd
/home/bhavana
$ cd .ssh
$ vi authorized_keys
esc G$ to go to the end of the file
esc A then enter to get to the next empty line
copy and paste the new sshkey
:wq! to save the file
3. Copy the authorized_keys file to flash so it will survive a reboot
$ cp authorized_keys /mnt/flash/bhavana_authorized_keys
4. Create an event-handler so upon reboot the switch will copy the file from the flash to users .ssh directory
conf
event-handler sshkeys
trigger on-boot
action bash cat /mnt/flash/bhavana_authorized_keys > /home/bhavana/.ssh/authorized_keys
end
