I have a backup server, which should backup the router configuration files securely for a list of routers.
My colleagues applied this in Juniper, but unfortunately I am unable to figure it out on Cisco routers.
The requirement is as follows:
I want to execute a cron job on the backup server, which will back up the running configs for a list of routers using ssh and without specifying a password. I want to insert a certificate into the routers, which was created on the backup server for a specific username called "backup_user". Then when the cron job is executed it will issue the required command(s) without specifying any password or asking for any user confirmation/prompt.
I am thinking of breaking down this requirement as follows:
The first step is that I want to execute "ssh -l backup_user 188.8.131.52" on the backup server from the command line so that I will log in to the router, which has 184.108.40.206 as a loopback IP, without being asked for a password/prompt. Being asked for a confirmation/acceptance the first time I access the router from the backup server is OK, but later I don't want to be asked any questions while trying to log in to/access the 220.127.116.11 router from the backup server. So how can I do that?
My colleagues who implemented it in Juniper did the following:
1- They created a self-signed certificate on the backup server bound to user "backup_user".
2- They created a local user on the router also called "backup_user".
3- They imported the certificate generated on the backup server into the router and they bound it to the local user "backup_user". How can I do both in Cisco routers?
4- They issued the "ssh -l backup_user x.x.x.x" from the backup server. Once they did that, they were able to login to the router.
So the point here is that instead of the router asking for a password to authenticate "backup_user" who is accessing from the backup server, it won't ask for it and it will consider the user as legitimate and he will be granted access. How can this be done?
I am trying to log in to a Cisco router UC540 from a Linux server using the RSA SSH key of the Linux server without being asked for a password.
It worked, but the router is asking for the passphrase every time I log in from the Linux server.
I have enabled the AAA login and I even gave privilege 15 access to the backup user on the UC540 router.
Another problem is that when I log in to the Cisco UC540 router using the SSH private key from the Linux server, it first asks me for the passphrase and after that I am logged in to the Cisco router, but I am still in non-configuration user mode and then I need to type the enable password to copy the backup configuration file of the Cisco router.
Kindly help me implement this auto backup from the Linux server to the Cisco router using SSH private and public keys.
I am trying to set this up for about 50-60 switches and routers, and I want to ssh into them from a couple of computers without being asked for a login. I am having a hard time setting it up; can you please post the steps you have taken to do so?
I have created a trustpoint, which I do not think that I need, but it tells me that I need to authenticate it somehow, and the other problem I have is how to send the public key to the machine I am trying to ssh from.
Can you provide the output of show run | in aaa and show run | beg line vty 0 15 from the router please.
You can actually use the below listed command. It basically disables authentication and won't prompt for username and password. Remember, we are using default and not any method list so it will disable authentication on all lines including console.
IOS(config)#aaa authentication login default none
If you would only like to disable authentication on a specific line then create a method list and apply it on that line.
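Added example, not code from any poster in this thread: for the key-based login the thread asks about, IOS releases that support SSH public-key authentication let an RSA public key be bound to a local user under "ip ssh pubkey-chain". The Python sketch below turns an OpenSSH public key line into that stanza; the sample key is constructed data, and the 72-column wrap and RSA-only handling are assumptions of this example.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used inside SSH public key blobs."""
    return struct.pack(">I", len(data)) + data


# Constructed sample only: a syntactically valid ssh-rsa blob, not a usable key.
SAMPLE_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
               + _ssh_string(bytes(range(1, 256)) + b"\xc3"))
SAMPLE_PUBKEY = "ssh-rsa %s backup_user@backupserver" % (
    base64.b64encode(SAMPLE_BLOB).decode())


def parse_pubkey(line: str):
    """Return (base64_text, blob) from one id_rsa.pub style line, RSA only."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("expected 'ssh-rsa <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    # The algorithm name is repeated inside the blob; a mismatch means the
    # line was truncated or edited while being copied around.
    if blob[4:4 + name_len] != b"ssh-rsa":
        raise ValueError("key type does not match the encoded blob")
    return fields[1], blob


def ios_pubkey_config(user: str, pubkey_line: str, width: int = 72) -> str:
    """IOS configuration lines that bind the full public key to a local user."""
    b64, _ = parse_pubkey(pubkey_line)
    lines = ["ip ssh pubkey-chain", " username %s" % user, "  key-string"]
    # A long key cannot be pasted as one command line, so it is wrapped.
    lines += ["   " + b64[i:i + width] for i in range(0, len(b64), width)]
    lines += ["  exit", " exit", "exit"]
    return "\n".join(lines)


def ios_key_hash(pubkey_line: str) -> str:
    """MD5 of the key blob, the hex form taken by 'key-hash ssh-rsa <hash>'."""
    _, blob = parse_pubkey(pubkey_line)
    return hashlib.md5(blob).hexdigest().upper()


if __name__ == "__main__":
    print(ios_pubkey_config("backup_user", SAMPLE_PUBKEY))
    print("key-hash ssh-rsa " + ios_key_hash(SAMPLE_PUBKEY))
```

A private key stored without a passphrase, or one loaded into ssh-agent, is what lets a cron job on the backup server connect without a prompt; the router only ever holds the public half.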