• Tag : SSH

 
 

Persistent File Systems in vEOS

I’ve been playing around with Ansible and using authorized_keys for some of it. I’ve noticed that in vEOS the user directories don’t survive upon reboot. Is there a place I can put authorized_keys files that will survive a reboot to allow password-less logins?

Console Troubleshooting Guide

Objective The objective of this document is to outline the common issues faced while using a console cable/server to access an Arista Switch. This document lists the troubleshooting steps to isolate the issue with these connections. Introduction In order to access the device, we use either an SSH or a Console connection. Normally, the console port is used for serial access to the switch and is used in the following cases: • initial provisioning of the device manually (when the management ports are not assigned IP addresses) • the device is inaccessible remotely via SSH Please refer to the appropriate...
Continue reading →

SSH not working on alternative port

I am using the config below on a vEOS virtual machine on VMware ESXi. I would like to run SSH on an non-default port. When I skip the server-port 2222 line, SSH works on port 22. When I enable the line connection is denied on port 22, and does time out on port 2222. Is this a bug or am I doing something wrong? ! Command: show running-config ! device: veos (vEOS, EOS-4.21.1.1F) ! ! boot system flash:/vEOS-lab.swi ! transceiver qsfp default-mode 4x10G ! logging console notifications ! hostname veos ip name-server vrf MGMT 10.200.70.67 ip name-server vrf MGMT 10.200.70.77...
Continue reading →

remote SSH and command execution using bash

Hi, I am trying to SSH from one arista to another then execute a file. if i run below commmand manually on first arista cli it’s connected second switch and execute file correctly. SW01#bash ssh -i /home/admin/.ssh/id_rsa 1.1.1.2 bash /home/admin/eth1_up.sh but when i want to automate and write an event-handler on first arista it’s connected second switch but not execute file. ! event-handler test trigger on-intf Ethernet1 operstatus action bash /home/admin/test.sh ! test.sh if [ “$OPERSTATE” = “linkdown” ] ; then Cli -p 15 -c’ bash ssh -i /home/admin/.ssh/id_rsa 172.25.85.101 bash /home/admin/eth1_up.sh ‘ fi what could i missing? Thanks in...
Continue reading →

Other interfaces still accepting SSH with management VRF defined

Hi all, I’m attempting to lock all management protocols down to a management VRF.  This is on the 7280 platform, running 4.15.6M-3137476.4156M My management interface is actually a VLAN interface, not a physical interface.  To accomplish that: [code] management ssh idle-timeout 30 vrf MGMT [/code] and of course: [code] interface Vlan50 vrf forwarding MGMT ip address 192.0.2.1/24 [/code] However, there are other VLAN interfaces on this device, and they’re still accepting ssh connections: [code] interface Vlan16 ip address 192.168.0.2/24 ip virtual-router address 192.168.0.1 [/code]   In that example, I can still SSH in to the 192.168.0.2 address, even though it’s not in...
Continue reading →

Slow SSH Login

A common issue is when accessing a switch via SSH it takes a long time for the user to login and then after that the connection flows smoothly. This is generally due to the fact that SSH does a reverse DNS lookup for the remote device and the DNS query times out. Another common issue is that the management interface is in a VRF but the name servers are not defined in the VRF. To configure a name server in the vrf “management” ip name-server vrf management 10.1.1.10 Ensure that you can ping the DNS server from the switch. If the DNS server...
Continue reading →

Introduction to Managing EOS Devices – Setting up Management

Note: This article is part of the Introduction to Managing EOS Devices series: https://eos.arista.com/introduction-to-managing-eos-devices/      1) Setting Up Management The following management tools are available on Arista EOS for all platforms: VRF-aware management Telnet and SSH Syslog and Console Logging SNMP Versions 1 and 3 NTP DNS Local and remote user control (AAA) TACACS+, RADIUS sFlow XMPP eAPI   Note: in the following configuration examples, the commands in square brackets are optional: [optional]   1.1) VRF Aware Management As of release 4.10.1, EOS supports the ability to constrain management functions to a VRF. This enables the user to separate management based functions...
Continue reading →

How to backup EOS configs to a remote server

This article describes how a switch can push its configuration to a remote server, either on demand or periodically. Automating remote authentication using SSH keys Generate public/private DSA key pair: [root@Arista root]#ssh-keygen -t dsa Enter file in which to save the key (/root/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_dsa. Your public key has been saved in /root/.ssh/id_dsa.pub. Create an ssh config file for the (in this example) root user. Make sure the formatting is correct. [root@Arista ~]#vi /root/.ssh/config Host * IdentityFile /root/.ssh/id_dsa Copy the public key to the remote...
Continue reading →

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: