Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

Configuring a system for SSH access using shared public keys

This section provides a sample configuration of a vRouter for SSH access by using shared public keys, as shown in the following figure.

Figure 1. Configuration for SSH access by using shared public keys

The example shows how to configure a vRouter for SSH access that uses shared public keys for authentication and to disable password authentication (though disabling password authentication is not a prerequisite to using shared public keys for authentication). In this case, the John Smith user (username = john) already exists on the system. In addition, the public key (xxx.pub) was previously generated (by using the Linux ssh-keygen command) and is located in a directory owned by the j2 user on xyz.abc.com.

To configure a system for SSH access by using shared public keys, perform the following steps in configuration mode.

Table 1. Configuring a system for SSH access by using shared public keys
Step Command

Set the system to disable password authentication for SSH. Note that this step is not strictly necessary, but it is required if users are to use only shared public key authentication.

vyatta@R1# set service ssh disable-password-authentication

Commit the change.

vyatta@R1# commit

Display the changes.

vyatta@R1# show service ssh disable-password-authentication

Load the shared public key (xxx.pub) from the system on which it is located and associate it with the user named john. In this case, it is located on xyz.abc.com in a directory owned by the j2 user.

vyatta@R1# loadkey john scp://j2@xyz.abc.com/home/j2/.ssh/xxx.pub
Enter host password for user 'j2':
################################### 100.0% Done

Commit the change.

vyatta@R1# commit

Save the configuration so that the changes persist after reboot.

vyatta@R1# save

Saving configuration to '/config/config.boot'...
Done

Display the change.

vyatta@R1# show system login

user vyatta {
    authentication {
        encrypted-password $1$$ZbzUPUD24iyfRwCKIT16q0
    }
}
user john {
    authentication {
        encrypted-password $1$$Ht7gBYnxI1xCdO/JOnodh.
        plaintext-password ""
        public-keys j2@xyz.abc.com {
key AAAAB3NzaC1yc2EAAAABIwAAAIEAqaCtQr8hr6iUEvvQD3hGyryR5k
+/UjFRFrHbqHNhjxdlYviXveVXoZrKAKHtANRp5E+j4WZMbSd4oYt9P9lF
evyZv3xmdZE+ukuPlQBBAUnL29k1FtJ+G7I5tXGun9VR07JzUpEb8/KP1U
4ajYClc3HxpOLpu5AU5u7jvKu/wA0=
             type ssh-rsa
         }
    }
    full-name "John Smith"
}
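
A check that can be run on the administrator's workstation before the loadkey step above, as an added example that is not part of the Vyatta documentation: it parses an OpenSSH public key line, confirms that the declared key type matches the type encoded in the key blob, and reports the SHA256 fingerprint and the RSA modulus size. The 2048-bit minimum and all function names are assumptions, and the sample keys are constructed rather than real.

```python
import base64
import hashlib
import struct

MIN_RSA_BITS = 2048  # assumed local policy threshold, not a Vyatta setting

def _read_string(blob, offset):
    """Read one length-prefixed field (RFC 4253 'string'); return (value, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def inspect_public_key(line):
    """Validate one '<type> <base64> [comment]' line and return facts about the key."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)  # rejects non-base64 characters
    embedded, offset = _read_string(blob, 0)
    if embedded.decode("ascii", "replace") != declared:
        raise ValueError("declared type does not match the type inside the blob")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    info = {"type": declared, "comment": " ".join(fields[2:]),
            "fingerprint": "SHA256:" + digest,  # same form as 'ssh-keygen -l' prints
            "bits": None, "acceptable": True}
    if declared == "ssh-rsa":
        _exponent, offset = _read_string(blob, offset)
        modulus, offset = _read_string(blob, offset)
        info["bits"] = int.from_bytes(modulus, "big").bit_length()
        info["acceptable"] = info["bits"] >= MIN_RSA_BITS
    return info

def make_rsa_line(bits, comment):
    """Build a constructed (not real, not usable) ssh-rsa line with a modulus of 'bits' bits."""
    def field(b): return struct.pack(">I", len(b)) + b
    modulus = b"\x00\x80" + b"\x01" * (bits // 8 - 1)  # leading zero keeps the mpint positive
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

if __name__ == "__main__":
    for size in (1024, 2048):
        print(inspect_public_key(make_rsa_line(size, "j2@xyz.abc.com")))
```

Comparing the reported fingerprint with the one the key owner reads from `ssh-keygen -l -f xxx.pub` on their own system confirms that the file fetched over scp is the key that was intended.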