Posted on July 4, 2019 3:14 pm
 |  Asked by Davide Ganna
 |  14242 views
RESOLVED
1
0

Good evening,

I’d like to access an Arista vEOS through SSH. Since I’m completely new to SSH (so far I’ve only accessed switches through the CLI), I am looking for the commands to enter to enable SSH on the switch.

I have a network automation container; I type ssh 192.168.122.11 and it asks me for a password. How do I set this password? How do I generate keys? Please post the commands needed to access the switch via SSH since I don’t have much familiarity with Arista.

Thank you in advance,

Davide

2
Posted by Tamas Plugor
Answered on July 4, 2019 5:56 pm

SSH is enabled by default and a key is generated by default, but you need to have a username/password to be able to log in.

You can configure a username with:

username admin role network-admin priv 15 secret arista

You can also configure passwordless authentication with:

username admin privilege 15 role network-admin nopassword
aaa authentication policy local allow-nopassword-remote-login

Our config guide should be helpful:

https://www.arista.com/en/um-eos/eos-section-4-7-aaa-commands#ww1349963

To modify SSH params, you can go to global config and then to management ssh config mode. You can see the default params by doing ‘show active all’:

ats324…17:50:35(config)#management ssh
ats324…17:50:37(config-mgmt-ssh)#sh active
ats324…17:50:39(config-mgmt-ssh)#sh active all
management ssh
idle-timeout 0
authentication mode keyboard-interactive
server-port 22
cipher aes256-gcm@openssh.com aes128-gcm@openssh.com aes256-ctr aes192-ctr aes128-ctr
key-exchange curve25519-sha256@libssh.org ecdh-sha2-nistp521 ecdh-sha2-nistp256 ecdh-sha2-nistp384 diffie-hellman-group14-sha1
mac hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha1-etm@openssh.com hmac-sha2-512 hmac-sha2-256 hmac-sha1
rekey frequency 3 gbytes
rekey interval 0 seconds
hostkey server ed25519 rsa ecdsa-nistp521
connection limit 50
no fips restrictions
no hostkey client strict-checking
authentication empty-passwords auto
default client-alive interval
default client-alive count-max
no shutdown
login timeout 120
log-level info
qos dscp 0

You can see the current SSH keys with the following command:

show management ssh hostkey (rsa | dsa) public

You can regenerate them if you want, although this is not necessary:

reset ssh hostkey (rsa | dsa)

The keys are stored in the /persist/secure folder, which you can see from bash:

ats324...17:54:52#bash

Arista Networks EOS shell

[admin@ats324 ~]$ cd /persist/secure
[admin@ats324 secure]$ ls -lt
total 60
-rw-rw-rw- 1 root root 620 Jun 24 13:14 ssh_host_dsa_key.pub
-rw-rw-rw- 1 root root 284 Jun 24 13:14 ssh_host_ecdsa_key.pub
-rw-rw-rw- 1 root root 192 Jun 24 13:14 ssh_host_ecdsa_nistp256_key.pub
-rw-rw-rw- 1 root root 112 Jun 24 13:14 ssh_host_ed25519_key.pub
-rw-rw-rw- 1 root root 412 Jun 24 13:14 ssh_host_rsa_key.pub
-rw-r--r-- 1 admin eosadmin 3132 Feb 15 19:29 self_cert.pem
-rw-rw-rw- 1 cvpadmin eosadmin 989 Sep 17 2018 capicsr.csr
-rw-rw-rw- 1 cvpadmin eosadmin 1704 Sep 17 2018 capikey1.pem
drwxrwxrwx 4 root root 120 Jan 30 2018 license
drwxrwsr-x 6 root eosadmin 140 Dec 19 2017 ssl
-rw-r----- 1 root ssh_keys 365 May 18 2017 ssh_host_ecdsa_key
-rw-r----- 1 root ssh_keys 227 May 18 2017 ssh_host_ecdsa_nistp256_key
-rw-r----- 1 root ssh_keys 387 May 18 2017 ssh_host_ed25519_key
-rw------- 1 root root 668 May 18 2017 ssh_host_dsa_key
-rw------- 1 root root 1679 May 18 2017 ssh_host_rsa_key
-rwxrwxrwx 1 root root 1103 May 18 2017 capi.pem
-rwxrwxrwx 1 root root 1708 May 18 2017 capikey.pem

Hope this helps!
Tamas
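
An added example, not part of the original answers and not Arista tooling: a small Python audit over config text like that shown in the answer above, flagging the passwordless-login commands and the SHA-1 based key-exchange and MAC entries in the default lists. The check names, the sample excerpt, and the policy of treating SHA-1 algorithms and idle-timeout 0 as findings are assumptions of this example.

```python
import re

# Constructed sample: selected lines from the "show active all" output above,
# plus the two passwordless-login commands from the same answer.
SAMPLE_CONFIG = """\
username admin privilege 15 role network-admin nopassword
aaa authentication policy local allow-nopassword-remote-login
management ssh
idle-timeout 0
cipher aes256-gcm@openssh.com aes128-gcm@openssh.com aes256-ctr aes192-ctr aes128-ctr
key-exchange curve25519-sha256@libssh.org ecdh-sha2-nistp521 diffie-hellman-group14-sha1
mac hmac-sha2-512-etm@openssh.com hmac-sha1-etm@openssh.com hmac-sha2-256 hmac-sha1
"""

# Config lines whose arguments are lists of algorithm names.
ALGO_KEYWORDS = ("cipher", "key-exchange", "mac")
# Assumed policy for this example: SHA-1 based algorithms count as legacy.
SHA1_RE = re.compile(r"(^|-)sha1(-|@|$)")


def audit(config_text):
    """Return a sorted list of (check, detail) findings for a config excerpt."""
    findings = []
    for raw in config_text.splitlines():
        words = raw.split()  # also strips the indentation of nested config lines
        if not words:
            continue
        if words[0] in ALGO_KEYWORDS:
            for algo in words[1:]:
                if SHA1_RE.search(algo):
                    findings.append((f"legacy-{words[0]}", algo))
        elif words[0] == "idle-timeout" and words[1:] == ["0"]:
            # Assumption: 0 means idle sessions are never disconnected.
            findings.append(("no-idle-timeout", raw.strip()))
        elif words[0] == "username" and "nopassword" in words[2:]:
            findings.append(("passwordless-user", words[1]))
        elif "allow-nopassword-remote-login" in words:
            findings.append(("remote-nopassword-login", raw.strip()))
    return sorted(findings)


if __name__ == "__main__":
    for check, detail in audit(SAMPLE_CONFIG):
        print(f"{check}: {detail}")
```
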

2
Posted by Jack Shen
Answered on July 4, 2019 9:04 pm

Hi Davide,

SSH is enabled by default. The default user “admin” does not have a password, so you need to provide one:

configure terminal
username admin secret admin

Then, as long as you can connect to the management port, you can ssh admin@your_mgmt_ip_addr

Keys are pre-generated by Linux. You don’t need to worry about it unless you want to regenerate.

0
Posted by Davide Ganna
Answered on July 5, 2019 12:34 pm

Perfect, thank you both!

0
Posted by obioma okoroafor
Answered on November 16, 2021 8:16 am

Hello,

I have a similar issue with my Arista 7050S-52 running on EOS-4.8.3.swi.

I am also new to Arista switches and would like to set up SSH and access the switch via SSH. Please provide me with the command to achieve this.

Also, I have trouble copying the EOS image via a TFTP server. The process starts without a problem but stops running after a while. I am able to copy it via USB but not TFTP.

Any idea what the problem is?

Thank you.

0
Answered on November 16, 2021 2:07 pm

Hello Obioma,

You will need to upgrade the EOS version first to the latest one available; however, please consult your account SE for the upgrade path, as you will need to do a step upgrade, and the version you are running is too old and is EOL.

Please refer to the EOS guide below

https://www.arista.com/en/support/product-documentation (EOS System Configuration Guide)

Our config guide should be helpful for setting up your device for SSH access

https://www.arista.com/en/um-eos/eos-section-4-7-aaa-commands#ww1349963

File Transfer Commands (https://www.arista.com/en/um-eos/eos-command-line-interface-cli?searchword=tftp)

Do you get any errors when copying the image via TFTP?

Regards,
Pushkar

0
Posted by obioma okoroafor
Answered on November 17, 2021 12:33 am

Hello Pushkraj,

I get the following error message when I run the copy command.

curl: (28) getpeername() failed with errno 107: Transport endpoint is not connected
% Error copying flash:EOS-4.8.3.swi to tftp:/192.168.10.19/EOS-4.8.3.swi ()

It copies only about 14% of the image and the copy speed drops to 0. After a while, the above error message is produced.

Thank you.

0
Posted by obioma okoroafor
Answered on November 17, 2021 12:46 am

Also, can you provide me with the EOS-4.8.3 Manual?

I have not had any luck with finding it.

Thank you.

0
Answered on November 17, 2021 10:09 am

Hello Obioma,

We do not have the EOS-4.8.3 guide available on the website. You will need to upgrade the EOS version. Is there any specific information you are looking for that you cannot find at the links below?

https://www.arista.com/en/support/product-documentation (EOS System Configuration Guide)

https://www.arista.com/en/support/software-download (Under EOS)

The error you are seeing looks to be a connection issue where it drops in between.

https://www.unix.com/solaris/204915-getpeername-transport-endpoint-not-connected.html

You can upgrade the EOS version and then try doing a TFTP.

Regards,
Pushkar
