[rancid] Can clogin prompt for a password?
Patrick Okui
pokui at psg.com
Wed Sep 28 22:22:13 UTC 2016
On 6 Sep 2016, at 21:33 EAT, heasley wrote:
> Thu, Sep 01, 2016 at 12:25:09AM +0300, Patrick Okui:
>> On 4 Aug 2016, at 20:29 EAT, heasley wrote:
>>
>>> [ it would be nice if vendors would store ssh keys like junos, so
>>> you
>>> could use ssh-agent ]
>>
>> Cisco quietly added support for this some time back. Not sure which
>> vendors support/not support this these days.
>
> isnt this XR only? I rather expected this to ubiquitous across the
> industry by now.
>
Late comment but no. IOS 15 added support for RSA based keys. All you
have to do is check for the availability of the `ip ssh pubkey-chain`
command, or select “SSHv2 Enhancements for RSA keys” under the
[cisco feature
navigator](http://tools.cisco.com/ITDIT/CFN/jsp/by-feature-technology.jsp)
To get round the 255 character limit some IOS devices will impose you
can just look at the hash of the key with `ssh-keygen -l -f
~/.ssh/id_rsa.pub | awk '{gsub(/:/,"",$2); print $2}'` and use key-hash
ssh-rsa <HASH> instead of asking the router to do that for you.
--
patrick
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20160929/0b192ed2/attachment.html>
More information about the Rancid-discuss
mailing list