I want to add two ssh keys for one user, so I added two keys user using the CLI, however, it seems only the first key is only what is accepted to login without password.
Here’s an example: username admin ssh-key ssh-rsa [KEY-1] ssh-rsa [KEY-2].
Currently, Multiple SSH keys per user are not supported within EOS CLI.
However there is a workaround to accomplish this:
We can do this by manually modifying the ~.ssh/authorized_keys file from the bash shell and pasting all the public keys there because this is not reflected in the running config. The file will not survive software upgrades/reboots, however, we can make a backup of the authorized_keys file (for example on /mnt/flash) and configure an event handler to copy the authorized_keys file after the switch boots up.
For Example:
1. I have added the user bhavana and a single ssh key via EOS CLI
conf
username bhavana privilege 15 role network-admin secret sha512 vz5uNRHncbe3FBf.T7z8hWG6Yz3iKjcALcAHng.OvxlEgj3LDBrqjxwm6WXi/Oi1
username bhavana sshkey ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArZLVF21YJ1qEYvvL
end
2. I then wanted to add a second key so I logged in as bhavana enter bash mode then changed directories to .ssh .Once entered the .ssh directory I have issued vi authorized_keys file and added the new key.
#bash
$ pwd
/home/bhavana
$ cd .ssh
$ vi authorized_keys
esc G$ to go to the end of the file
esc A then enter to get to the next empty line
copy and paste the new sshkey
:wq! to save the file
3. Copy the authorized_keys file to flash so it will survive a reboot
$ cp authorized_keys /mnt/flash/bhavana_authorized_keys
4. Create an event-handler so upon reboot the switch will copy the file from the flash to users .ssh directory
conf
event-handler sshkeys
trigger on-boot
action bash cat /mnt/flash/bhavana_authorized_keys > /home/bhavana/.ssh/authorized_keys
end
Arista Networks, Inc. uses cookies to ensure that we give you the best experience on our website.
By continuing to use our site, you indicate that you consent to receive cookies from our website. Details about Arista's use of cookies can be found here.