!!!! Read before starting: if Ansible runs as root >>>>> use root's id_rsa file !!!!
!!!! But if it's for Juniper, use the user account to log into the router !!!!
The juniper.junos module does not send a file to the router; it uses NETCONF
1- create the Private key & Public key ( .pub) on the Client:
...
ssh-keygen
2- copy the public key to the server: ssh-copy-id or just sftp
3- To set up SSH agent to avoid retyping passwords, you can do:
4- SSH test ( will ask for the passphrase once!)
5- check the Local keys:
6- check the Remote keys:
1- create the private & Public key on the Client:
...
Code block: ssh-keygen
passphrase = ansible123 Juniper1 ( same as: root/Juniper1, because it is easier to remember )
/project # ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
!!!!! default will use: root
!!!!! and will put it in /root/.ssh/
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:gm6e/5Cv5nMVEnnoeh5aFOvahjBdCoD4zZy4cJTuLwA root@fd9589e5bc79
The key's randomart image is:
[randomart image]
or
/project # ssh-keygen -t rsa -f /root/.ssh/id_rsa -P Juniper1 -C root
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:5O9zJGCqTGXyjvintT4ZjzFD7P0pYz6bwWMRPFYtYeY root
The key's randomart image is:
[randomart image]
Code block: id_rsa.pub on the vMX
Key on the vMX ( once copied ):
root@vMX1% ls /var/home/ansible/
.ssh id_rsa.pub
root@vMX1% more /var/home/ansible/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/DLTV+Qzxxxxxxxxxxxxxx6egBTuBB+60d ansible
>>> notice the "root" at the end of the public key <<<<<<<
Code block: show keys
/project # ls /root/.ssh/
id_rsa id_rsa.pub known_hosts
/project #
/project # more /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAxxxxxxxxxxcccccccccccccccccccccccQOka7obnxEqD0ot799TtwsbraxVdiUeaFOymbqCjVeUjVdD8p0+JNlCVJIFRn7dO5nx/PuONUw9n5aW6smNq5TWFF5UfjfIUM7ShCVwOo3wXWPhxJhrl85b9A2WMBTa/hZTeukIbNCI82xq7zuCReTUtA+Oz9P1jVu/WgrijHOf/zkzCSwvHt9MEgdaYy3F6HuoOksTXDGM8nPCw93m9cnSkrdndCL7cJQjOBtz4KluCaALyMs4LwUlBVKy70stjMvxIuVSKnkOqlLD root@fd9589e5bc79
/project #
AAAAB3NzaC1yc2EAAAADAQABAAABxxxxxxxxxxxxxxxxxxxxxxxxxxAbguhcbH root
/project # more /root/.ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,2C9AC05EC004F4E7CFA7DBFA199FC4ECF14E90E60C8CB07240DBA331EB53B03B
-----END RSA PRIVATE KEY-----
/project #
RSA:
-Asymmetric Encryption: Private and Public key
-#Diffie-Hellman
-2,048 bits (or 617 decimal digits )
-Rivest-Shamir-Adleman
...
-Symmetric Encryption Algorithms
-Block cipher ( 128-bit block message + 128-bit key) >> 128-bit cipher text
- Advanced Encryption Standard
On the server, create a key pair in the directory /root/.ssh/
2- copy the public key to the server:
ssh-copy-id ansible@192.168.99.11
or just copy the file using sftp/ssh ( if ssh-copy-id is not supported ):
scp id_rsa.pub ansible@192.168.99.111:/var/home/ansible/
sftp ansible@192.168.99.11
( then put /project/id_rsa.pub /var/home/ansible/id_rsa.pub )
( or with sftp tool like mobaxterm )
Code block: sftp ansible@192.168.99.11
scp id_rsa.pub ansible@192.168.99.111:/var/home/
Password:
id_rsa.pub 100% 520 77.8KB/s 00:00
or
/project # sftp ansible@192.168.99.11
ansible@192.168.99.11's password:
Connected to 192.168.99.11.
sftp> put /var/home/.ssh/id_rsa.pub /var/home/.ssh/id_rsa.pub
Uploading /var/home/.ssh/id_rsa.pub to /var/home/.ssh/id_rsa.pub
/var/home/.ssh/id_rsa.pub 100% 386 502.9KB/s 0.4KB/s 00:00
sftp> ls .ssh/
id_rsa.pub
sftp> pwd
Remote working directory: /var/home/
sftp> exit
/project #
After a reboot of the server the key may change; it will need to be reloaded on the vMX!
Check: after the ssh-copy-id, on the remote server: before/after ( /root/.ssh or /home/<username>/.ssh/ )
3- To set up SSH agent to avoid retyping passwords, you can do:
...
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyKQ+IXr/yiLt7N/SSh4++V8G3K0ZoU1Pi/M85D/5Gtuh6kq6DAqk/F/lUxc0QFZNVGB9r1fCyVtwuGVhxaImXbziB0gRbBG2uclwwH0bbQUDNm+MJ5QtXjRGCmelNa5DpzfdVI8MzkJN+TI+9PJm1CuuyfBIId554IiFOKsCmt8ORCkU4X+zdXkwZeMv+7jW9sqgYHbEU7m3DU1goJYko8mKMZabpkDUu1sxktGXgMEb3uanID5ViV4VSSxv8c9yVe896cXTmZBra0Dq2NU6WWRWe/fvcukeIO5knNiGTBCpbgpNZM3u11rYbzni/Nun7oKDqBg6+aO4EI0tDn4ZP /root/.ssh/id_rsa
Code block: ssh-agent and ssh-add
/project # ssh-agent ash
passphrase is Juniper1 ( just because it's easier )
/project # ssh-add /root/.ssh/id_rsa
Enter passphrase for /root/.ssh/id_rsa:
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)
/project # ssh-add -l
2048 SHA256:5O9zJxxxxxxxxxxxxxxxxxxxxxxxxxxxxxY /root/.ssh/id_rsa (RSA)
/project # ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAxxxxxxxxxxxVLOqaPmqAbguhcbH /root/.ssh/id_rsa
/project # ssh root@192.168.99.11
--- JUNOS 12.1R1.9 built 2012-03-24 12:52:33 UTC
root@vMX1%
Code block: public key on vMX
root@vMX1% ls /root/.ssh/
authorized_keys id_rsa.pub known_hosts
set system root-authentication load-key-file /root/.ssh/id_rsa.pub
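Added example (not part of the original page): the SHA256 fingerprint that `ssh-add -l` prints can be recomputed from any public-key line, so the local id_rsa.pub can be compared with the router's authorized_keys even when the trailing comment differs (root vs root@fd9589e5bc79). The function names are hypothetical and the key lines are constructed in the code from an arbitrary modulus, so they are not usable keys.

```python
import base64, hashlib

def _read_string(blob, off):
    """Read one SSH wire-format field: uint32 length, then that many bytes."""
    head = blob[off:off + 4]
    n = int.from_bytes(head, "big")
    end = off + 4 + n
    if len(head) < 4 or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def describe_key(line):
    """Return (bits, fingerprint, comment) for an ssh-rsa line, as `ssh-add -l` shows."""
    fields = line.split()
    i = fields.index("ssh-rsa")            # skips any leading authorized_keys options
    blob = base64.b64decode(fields[i + 1], validate=True)
    ktype, off = _read_string(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("key type inside the blob does not match")
    _e, off = _read_string(blob, off)      # public exponent
    n, off = _read_string(blob, off)       # modulus
    bits = int.from_bytes(n, "big").bit_length()
    fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return bits, "SHA256:" + fp, " ".join(fields[i + 2:])

def installed(local_pub_line, authorized_keys_text):
    """True if the local key is present remotely; the trailing comment is ignored."""
    want = describe_key(local_pub_line)[1]
    for line in authorized_keys_text.splitlines():
        if line.lstrip().startswith("#"):
            continue                       # a commented-out key does not count
        try:
            if describe_key(line)[1] == want:
                return True
        except (ValueError, IndexError):
            continue                       # blank, not ssh-rsa, or a damaged entry
    return False

def _mpint(x):
    raw = x.to_bytes(x.bit_length() // 8 + 1, "big")   # leading 0x00 keeps it positive
    return len(raw).to_bytes(4, "big") + raw

def make_line(n, comment):
    """Build a CONSTRUCTED ssh-rsa line (arbitrary modulus, not a usable key)."""
    blob = (7).to_bytes(4, "big") + b"ssh-rsa" + _mpint(65537) + _mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

LOCAL = make_line((1 << 2047) | 1, "root")
REMOTE = ("# constructed authorized_keys\nssh-rsa AAAA damaged\n"
          + make_line((1 << 2047) | 1, "root@fd9589e5bc79") + "\n")
```

`describe_key(LOCAL)` returns the bit length, fingerprint and comment in the same form as the `ssh-add -l` line, and `installed(LOCAL, REMOTE)` answers whether that key is present in the remote file.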
4- SSH test ( will ask for the passphrase once!)
...