
!!!! Read before starting: if Ansible runs as root, use root's id_rsa file !!!!

!!!! But if it's for Juniper, use the user account to log into the router !!!!

The juniper.junos module does not send a file to the router; it uses NETCONF.


1- Create the private key and public key (.pub) on the client: ssh-keygen
2- Copy the public key to the server: ssh-copy-id, or just sftp
3- Set up the SSH agent to avoid retyping the passphrase
4- SSH test (will ask for the passphrase once!)
5- Check the local keys
6- Check the remote keys

...

Or just copy the file (if ssh-copy-id is not supported):

scp id_rsa.pub ansible@192.168.99.111:/var/home/ansible/

sftp ansible@192.168.99.11 (then: put /project/id_rsa.pub /var/home/ansible/id_rsa.pub)

...


Code Block: sftp ansible@192.168.99.11
scp  id_rsa.pub ansible@192.168.99.111:/var/home/
Password:
id_rsa.pub                                                        100%  520    77.8KB/s   00:00

or

/project # sftp root@192ansible@192.168.99.11
root@192ansible@192.168.99.11's password:
Connected to 192.168.99.11.
sftp> put /rootvar/home/.ssh/id_rsa.pub  /rootvar/home/.ssh/id_rsa.pub
Uploading /rootvar/home/.ssh/id_rsa.pub to /var/roothome/.ssh/id_rsa.pub
/var/roothome/.ssh/id_rsa.pub                                                       100%  386   502.9KB/s   0.4KB/s   00:00

sftp> ls .ssh/
id_rsa.pub

sftp> pwd
Remote working directory: /var/home/root

sftp> exit
/project #


Code Block: after reboot
After a reboot of the server the key may change and will need to be reloaded on the vMX!



Check: after the ssh-copy-id, compare the keys on the remote server before and after (/root/.ssh/ or /home/<username>/.ssh/)



...

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyKQ+IXr/yiLt7N/SSh4++V8G3K0ZoU1Pi/M85D/5Gtuh6kq6DAqk/F/lUxc0QFZNVGB9r1fCyVtwuGVhxaImXbziB0gRbBG2uclwwH0bbQUDNm+MJ5QtXjRGCmelNa5DpzfdVI8MzkJN+TI+9PJm1CuuyfBIId554IiFOKsCmt8ORCkU4X+zdXkwZeMv+7jW9sqgYHbEU7m3DU1goJYko8mKMZabpkDUu1sxktGXgMEb3uanID5ViV4VSSxv8c9yVe896cXTmZBra0Dq2NU6WWRWe/fvcukeIO5knNiGTBCpbgpNZM3u11rYbzni/Nun7oKDqBg6+aO4EI0tDn4ZP /root/.ssh/id_rsa


Code Block: ssh-agent and ssh-add
/project # ssh-agent ash

passphrase is Juniper1 ( just because it's easier )

/project # ssh-add /root/.ssh/id_rsa
Enter passphrase for /root/.ssh/id_rsa:
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)


/project # ssh-add -l
2048 SHA256:5O9zJxxxxxxxxxxxxxxxxxxxxxxxxxxxxxY /root/.ssh/id_rsa (RSA)


/project # ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAxxxxxxxxxxxVLOqaPmqAbguhcbH /root/.ssh/id_rsa


/project # ssh root@192.168.99.11
--- JUNOS 12.1R1.9 built 2012-03-24 12:52:33 UTC
root@vMX1%




Code Block: public key on vMX
root@vMX1% ls /root/.ssh/
authorized_keys id_rsa.pub      known_hosts


set system root-authentication load-key-file /root/.ssh/id_rsa.pub
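
Steps 5 and 6 (check the local and the remote keys) come down to confirming that the key reported by `ssh-add -l` is the one listed in the remote `authorized_keys`. The following Python is an added example, not part of the original page: it compares keys by their decoded blob, so a different comment or leading options do not matter, and derives the bit size and SHA256 fingerprint in the `ssh-add -l` format. The sample keys are constructed values (structurally valid, not usable keys) and all function names are assumptions.

```python
import base64, hashlib, struct
KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256")

def parse_pubkey_line(line):
    """Return (key_type, blob) from an id_rsa.pub or authorized_keys line, else None."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    # authorized_keys may carry options (no-pty, from="...") before the key type.
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            try:
                return field, base64.b64decode(fields[i + 1], validate=True)
            except ValueError:
                return None
    return None

def fingerprint(blob):
    """SHA256 fingerprint in the form printed by `ssh-add -l`."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def rsa_bits(blob):
    """Modulus size of an ssh-rsa blob (fields: type, exponent e, modulus n)."""
    fields, pos = [], 0
    while pos + 4 <= len(blob):
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        fields.append(blob[pos + 4:pos + 4 + size])
        pos += 4 + size
    return int.from_bytes(fields[2], "big").bit_length()

def is_authorized(pub_line, authorized_keys_text):
    """True if the local public key is listed in the remote authorized_keys text."""
    local = parse_pubkey_line(pub_line)
    remote = {parse_pubkey_line(l) for l in authorized_keys_text.splitlines()}
    return local is not None and local in remote

def make_rsa_line(n, comment):
    """Constructed sample: a structurally valid ssh-rsa line, not a usable key."""
    f = lambda b: struct.pack(">I", len(b)) + b
    blob = f(b"ssh-rsa") + f(b"\x01\x00\x01") + f(n.to_bytes(n.bit_length() // 8 + 1, "big"))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

LOCAL = make_rsa_line((1 << 2047) | 0x10001, "/root/.ssh/id_rsa")
OTHER = make_rsa_line((1 << 2047) | 0x10003, "someone@else")
REMOTE = "# constructed authorized_keys\nno-pty " + make_rsa_line((1 << 2047) | 0x10001, "ansible@controller") + "\n"

if __name__ == "__main__":
    blob = parse_pubkey_line(LOCAL)[1]
    print(rsa_bits(blob), fingerprint(blob), "(RSA) authorized:", is_authorized(LOCAL, REMOTE))
```

To use it on real files, pass the contents of the local `id_rsa.pub` and a copy of the remote `authorized_keys` to `is_authorized`.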




4- SSH test (will ask for the passphrase once!)

...