NeDi Community

NeDi Software Specific => Installation => Topic started by: Alimachina on June 06, 2018, 10:48:55 AM

Title: Public-key authentication with ssh
Post by: Alimachina on June 06, 2018, 10:48:55 AM
In the nedi.conf we can define users for telnet and ssh access, which is useful for CLI.

We have a radius server for users authentication on our switches, so there isn't any "generic user".
So I guess we have to use one of our users, that's ok.
But I want to hide the password.
I'm not sure how to do this:
"Use public-key authentication with ssh, if you do not want to have pw here in cleartext."


If I connect to a switch with SSH on the NeDi server, I'll have the RSA key fingerprint for this device, but then how do I tell NeDi to use it?
Title: Re: Public-key authentication with ssh
Post by: ascii on June 07, 2018, 08:23:53 AM
I'm not using key files,
but I looked in inc/libcli.pm.

I found these lines around 664, depending on your version of NeDi:
Code:
}elsif($po == 22){
                 my $known = "-o 'StrictHostKeyChecking no'";

I guess you can try to set the keyfile there.

Maybe you need to set a dummy password in the NeDi config.
Title: Re: Public-key authentication with ssh
Post by: rickli on June 08, 2018, 12:52:08 PM
The StrictHostKeyChecking option can be turned off to ignore hostkeys on switches (update with -kK), but has nothing to do with public-key auth...

First off, you can "encrypt" the PW in nedi.conf (see context help in System-Files) or as ascii wrote add the public key of your machine to the authorised keys on the switch and use a dummy PW...
Title: Re: Public-key authentication with ssh
Post by: Alimachina on June 11, 2018, 10:33:49 AM
Can you give me more details about the encryption part plz?
I looked in the help page and in "The NeDi Guide" but with no luck.
Title: Re: Public-key authentication with ssh
Post by: rickli on June 13, 2018, 12:10:02 AM
Use System-Files to edit nedi.conf. Click the padlock to open the "encryption popup". Enter clear PW and copy result back in nedi.conf:
usrsec    admin 41326464

You can increase security by changing the secret in the function XORpass() in libmisc.pm, but don't forget it after the next update...
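
An added example, not part of the original posts and not NeDi's code: a generic repeating-key XOR obfuscator, showing that a value stored this way is only as private as the secret kept in the source file, which is why changing that secret matters. The algorithm, function names, secrets and sample password are assumptions; NeDi's XORpass() may work differently.

```python
# Generic repeating-key XOR with hex output (illustration only).
# ASSUMPTION: this is NOT NeDi's XORpass(); its real algorithm and secret may differ.
from itertools import cycle

STOCK_SECRET = b"stock-secret-in-source"  # constructed stand-in for a secret shipped with the code
SITE_SECRET = b"locally-changed-secret"   # constructed stand-in for a secret changed on one install


def xor_obfuscate(clear: str, secret: bytes) -> str:
    """XOR each password byte with the repeating secret and return it as hex."""
    data = clear.encode("utf-8")
    return bytes(b ^ k for b, k in zip(data, cycle(secret))).hex()


def xor_reveal(stored: str, secret: bytes) -> str:
    """XOR is its own inverse: the same secret turns the hex back into the password."""
    data = bytes.fromhex(stored)
    return bytes(b ^ k for b, k in zip(data, cycle(secret))).decode("utf-8")


def readable_with_stock_source(stored: str, expected_clear: str) -> bool:
    """True if a reader who only has the stock secret recovers the password."""
    try:
        return xor_reveal(stored, STOCK_SECRET) == expected_clear
    except UnicodeDecodeError:
        return False


if __name__ == "__main__":
    pw = "Sw1tch-Pass"  # constructed sample password
    stock_value = xor_obfuscate(pw, STOCK_SECRET)
    site_value = xor_obfuscate(pw, SITE_SECRET)
    # The stored value is always twice the password length, so the length leaks.
    print("stock:", stock_value, "hex chars:", len(stock_value))
    print("site :", site_value, "hex chars:", len(site_value))
    # With the stock secret, the config value is readable by anyone with the source.
    print("stock value readable with stock source:",
          readable_with_stock_source(stock_value, pw))
    # After changing the secret, the stock source no longer reverses it,
    # but anyone who can read the modified file still can.
    print("site value readable with stock source:",
          readable_with_stock_source(site_value, pw))
```

Either way the stored value is obfuscated rather than encrypted, so read access to both nedi.conf and the file holding the secret should be restricted to the account that runs NeDi.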
Title: Re: Public-key authentication with ssh
Post by: Alimachina on June 13, 2018, 05:09:47 PM
Thanks Rickli  ;)

Dunno why I never thought to click on this padlock before... :-[
I saw it's also available in the shell with "nedi.pl -Z my_password_here pw".
I had to "reset CLI access" for my previous already discovered devices, and now it works like a charm!