Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Image Modified


!!!! Read before starting:     if ansible run as root >>>>> use root's   id_rsa   file !!!!

!!!! But if it's for Juniper, use the user account to log into the router !!!!

juniper.junos module does not send a file to the router, but use netconfig


1- create the Private key & Public key ( .pub) on the Client:       ssh-keygen
2- copy the public key to the server:               ssh-copy-id   or just a sftp
3- To set up SSH agent to avoid retyping passwords, you can do:
4- SSH test ( will ask for the passphrase once!)
5- check the Local keys:
6- check the Remote keys:

...


Code Block
titlessh-keygen
collapsetrue
passphrase = ansible123 Juniper1  ( same as: root/Juniper1, because is easier to remember) 

/project # ssh-keygen

!!!!!  default wullwill use: root 
!!!!!  and will put it in /root/.ssh/ 


/project # ssh-keygen -t rsa  -f /projectroot/.ssh/id_rsa -P ansible123Juniper1 -C ansibleroot
Generating public/private rsa key pair.
Your identification has been saved in /projectroot/.ssh/id_rsa.
Your public key has been saved in /root/project.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:gjLEcnkqJ5bE6O/KBH5c1mGle6clTJNqDvQ+72CIy0w ansible5O9zJGCqTGXyjvintT4ZjzFD7P0pYz6bwWMRPFYtYeY root
The key's randomart image is:
+---[RSA 2048]----+
|         . =o     |
| |o. .    o . =. .    |
|oo=     .  * E. + +   |
|   | |o+.o..+ * .. =+oo       |
|++= .+.*S+ o     B +S.       |
|++oo+ *    . O..o. =.    |
 | | o E+ . * .  +.O=..+     |
|o * . +. *o*=+ .    |
|  | | o.=    .o+o++=.o       |
+----[SHA256]-----+


Code Block
title
show keys
id_rsa.pub on the vMX
collapsetrue
/project
Key 
#
on 
more id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAxxxxxxxxxxxxxxxxxxxxxxxPhGutC3GzMrtI+oYiT ansible /project # more id_rsa -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: AES-128-CBC,05388A42A5804ABDF36414653984ABE6 vMRf+ef7ZuiS1nnur4HsAgF+I+ZLkj0gUqvfAQMVCn8HPy1fU7pV7YjhUuGRqfa+ FtDSP6OChx9pU+UBS+Q/6d+FRWhdOvJxfG2Rjrs4i4uc4STyn6N393Ns5M9quEjc tARO9EOcROR73xtXws03jRewwj1YF8rCa+c3jytRzz/IwZZX617t3ANk38s9KKX2 u1H1KCkzDZTTUO7Zp37yzpRa/YIcQ6g8iYuSMgWedzkasolBSLpgGTz+Qg2FrN2+ 3jPksBZdQrYp0gaDVoRtwOOSUqHmlRku3mshN4nhSAFQtcRNNX0FI8+mnrOgil3c TIVc89M+6BzuJAZ9zXwkuNUVRT9/Woh5GXn0yhlSA2DVF9jHpxJ2W69GHUaCUbj8 WunQJxtKTpMp6viu/QIfpBHqLJYJ2NDo8f+G7J6rmz1bB169wAcV6R3YuLkTVbPQ pRS3gj9sem3MPBIT1T+AvqCQ3+uI8qYR+5jHw5rHizwTrm6+GYlJL4ewnTVtjbIV N847W1HD8jeWkddYcbHA/UrHSwiwBdx/tezfdHDvrh46ho0QBz1e99+tjFo+Hm2z KbadPeIJOHvSVYAFzYcazxN69vhgef/bAUKeHvHtyMJzRV/sGeClQD7AAPfd9Fzl PWtH4NBIWTWGhGY8UCkqDUZFGAcDBMunScQuPR7sYnJa6Uc0VWoOJN6C52SNRBtm /ZPfgayPw7lR7ENWl25moY7KAEE6DUEfxbH7Te5UcXx9h9pQQ1Q18oyKx8MYMdxi QnFiTQsCeV7hCX4CqtirMnIIr79r5NmmiyR0jI/Bd/dlGujutbZt0/P/YJU98UV0 F1VmqI2Zfs0N9yvvHMxJIDWkAfe7MtrVvF5kLinZWGMVoTZjMO0nxgdkzQm/DnCY PA+rvWqZTN7hObCDyPiNiOeTMLGT6zAQdwS666iecfqUaj01BUTrvuvKs2Abjpc1 BKtWI8yfKPA8HXpPPJ/IU4oLtzq6QbblxOVfCu5mKIoRnUs7uo295W04zo+pXFs6 aVA1mj3ir4+q7wKudj/AjMSp5BYY7Vo9aIyRX1XkPUbpavOsjAtpC/lh9TH7KTOq b11SlmZaUlBgJnNHoceXZ5qXLfbGFCYMgMi5xAEwLiMKb4blah6a7DGPgSxU1JyC 39ci8/WufEyIUHhocpCWHJ7d6UUh0NDXZHLEiB+jJHaLOtt1usQS4EnZ4/z+ddRM PuNJ+fyEkwHhkIQuCIK3UAJRoCCRMG9FA4dgPVwJKyAde6r8KtB5SXjW9gv4FC5d 9o9JTLHWzIOu2+AW49MqSGbwx3xVxtDlHbQUZf0teynZqK//LJMoa3WWQk+xXvaD HjFju/GGZFLy/pDDMucJv7eyUAI3Rl3clvpdrWt3jAHX4IkSJJM728KZ81SwR3w9 EB6Zl7wvUEWHoZtHW1E61k9QubPYXN6tyb/Gt5AdR35s2aU4mY3v43Av3+lznslb ja1oHKvMuAQZ/LoN+ev4+U6IaIhA7BydN5KnS7Ekr0ntwWJGyJvXUxMlEDdd6/QN EzVhd12EjTSh4jTsrb150gaWhGs7RmBRLPqKoU89nz5/xxCDA9/5yh2/ARss2zqJ -----END RSA PRIVATE KEY----- /project # !!!!!!! if using defaut ( root account ) !!!!!!!
the vMX  ( once copied )

root@vMX1% ls /var/home/ansible/:
.ssh            id_rsa.pub

root@vMX1% more /var/home/ansible/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/DLTV+Qzxxxxxxxxxxxxxx6egBTuBB+60d ansible

>>> notice the "root" at the end of the public key  <<<<<<<



Code Block
titleshow keys
collapsetrue
/project # ls /root/.ssh/
id_rsa       id_rsa.pub   known_hosts
/project #

/project # more /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABxxxxxxxxxxxxxxxxxxxxxxxxxxAbguhcbH root
AAAAB3NzaC1yc2EAAAADAQABAAxxxxxxxxxxxxxxxxxxxx
root@fd9589e5bc79
/project # more /root/.ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,F14E90E60C8CB07240DBA331EB53B03B

x+ubL+RDa9jOrRfbut42a3slT+Y8Ooyl5g3UrrLNS8IMFyPip9FFBnGowz2B97G7
eVIsfWnOWsIzxYaqQhs1kZUsQGQoarxm20KeLleF7YA2tfFaa0cc/GKZWpy8aVnF
artWpjSwtrx8PaRCSykWadcgES2k4RPok4QKzq1PaaCA2DkWGTb4fZUYaZXm5Itt
Rx8BerEogQNh2WOAJPSlj96yFYOhQa+cRU1efZEB9Hc2DxgHH/FDT/gTGqrz4lfu
23yNWNtAihM+0SFmSaerm4pqjwIqHjfG8dXVBIxa+L6QNOt4dnRqCieNVlYxlUL6
uRRDgpukRz/tVTGJbQc0NtJVSoBBm1MjhnSG8S4G07nFUtd/RxxUXDXDYPZHyT2G
/fATG17zeXx0NGA3XFyfbyCUc1+cVm5ToKCsvmMumJ8Q6bsDKUfdwJmBT4jgtB9v
wFvn3kcqp7z47Gf9UgqTs1YtHPP479cSmEjiw2GFKCzGUvfNEpONzvyE0r+d9psW
-----END RSA PRIVATE KEY-----
/project #



RSA:

 -Asymmetric Encryption: Private and Public key
 -#Diffie-Hellman
 -2,048 bits (or 617 decimal digits )
 -Rivest-Shamir-Adleman

...

or just copy the file using  ( if ssh-copy-id not supported ):

scp id_rsa.pub  ansible@192.168.99.111:/var/home/ansible/

sftp ansible@192.168.99.11 ( then put /project/id_rsa.pub /var/home/ansible/id_rsa.pub ) 

( or with sftp tool like mobaxterm ) 



Code Block
titlesftp ansible@192.168.99.11
collapsetrue
scp  id_rsa.pub ansible@192.168.99.111:/var/home/
Password:
id_rsa.pub                                                        100%  520    77.8KB/s   00:00

or

/project # sftp ansible@192.168.99.11
ansible@192.168.99.11's password:
Connected to 192.168.99.11.
sftp> put /var/home/.ssh/id_rsa.pub  /var/home/.ssh/id_rsa.pub
Uploading /var/home/.ssh/id_rsa.pub to /var/home/.ssh/id_rsa.pub
/var/home/.ssh/id_rsa.pub                                                       100%  386   502.9KB/s   0.4KB/s   00:00

sftp> ls .ssh/
id_rsa.pub

sftp> pwd
Remote working directory: /var/home/

sftp> exit
/project #


Code Block
titleafter reboot
After a reboot of the server the key may change, will need to be reload on the vMX!


Image Modified


Check:  after the ssh-copy-id, on the remote server: before/after   ( /root/.ddh  or /home/<username>/.ssh/ )


Image Modified







3- To set up SSH agent to avoid retyping passwords, you can do:

...

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyKQ+IXr/yiLt7N/SSh4++V8G3K0ZoU1Pi/M85D/5Gtuh6kq6DAqk/F/lUxc0QFZNVGB9r1fCyVtwuGVhxaImXbziB0gRbBG2uclwwH0bbQUDNm+MJ5QtXjRGCmelNa5DpzfdVI8MzkJN+TI+9PJm1CuuyfBIId554IiFOKsCmt8ORCkU4X+zdXkwZeMv+7jW9sqgYHbEU7m3DU1goJYko8mKMZabpkDUu1sxktGXgMEb3uanID5ViV4VSSxv8c9yVe896cXTmZBra0Dq2NU6WWRWe/fvcukeIO5knNiGTBCpbgpNZM3u11rYbzni/Nun7oKDqBg6+aO4EI0tDn4ZP /root/.ssh/id_rsa


Code Block
titlessh-agent and ssh-add
collapsetrue
/project # ssh-agent ash

passphrase is Juniper1 ( just because it's easier )

/project # ssh-add /root/.ssh/id_rsa
Enter passphrase for /root/.ssh/id_rsa:
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)


/project # ssh-add -l
2048 SHA256:5O9zJxxxxxxxxxxxxxxxxxxxxxxxxxxxxxY /root/.ssh/id_rsa (RSA)


/project # ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAxxxxxxxxxxxVLOqaPmqAbguhcbH /root/.ssh/id_rsa


/project # ssh root@192.168.99.11
--- JUNOS 12.1R1.9 built 2012-03-24 12:52:33 UTC
root@vMX1%




Code Block
titlepublic key on vMX
collapsetrue
root@vMX1% ls /root/.ssh/
authorized_keys id_rsa.pub      known_hosts


set system root-authentication load-key-file /root/.ssh/id_rsa.pub




4- SSH test ( will ask for the passphrase once!)

...