CESNET / netopeer2

NETCONF toolset
BSD 3-Clause "New" or "Revised" License

Password less authentication to netopeer2 server using netopeer2-cli #1413

Closed ChinmayaAgarwal closed 11 months ago

ChinmayaAgarwal commented 1 year ago

Hi,

Is there a way we can configure a passwordless client connection to netopeer2-server using netopeer2-cli in the latest sysrepo/netopeer2-server version? If yes, which YANG models/sample XMLs will be used to configure it?

Thanks and Regards, Chinmaya Agarwal.

michalvasko commented 1 year ago

SSH publickey authentication is enabled on the server by default. So you only need to set up the CLI, set the key pair to be used using the command auth keys add <public_key> <private_key>.

qupfer commented 1 year ago

Edit2:

Never mind. I used relative paths and called netopeer2-cli from another one.

OLD:

Hi, I have trouble with it too. But I know that it worked in the past.

> auth keys
The keys used for SSH authentication:
#0: examples/admin_id_rsa (private examples/admin_id_rsa.pub)

> auth pref
The SSH authentication method preferences:
        'publickey':   10
        'password':    2
        'interactive': 1

> connect 
nc ERROR: Opening an SSH channel failed (Access denied for 'none'. Authentication that can continue: publickey,password).
cmd_connect: Connecting to the localhost:830 as user "root" failed.

> connect --login admin
admin@localhost password: 

Edit:

<keystore xmlns="urn:ietf:params:xml:ns:yang:ietf-keystore">
  <asymmetric-keys>
    <asymmetric-key>
      <name>genkey</name>
      <algorithm>rsa2048</algorithm>
      <public-key>MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6T/ZJ6MX+2CGiMj2IZk1l26qmAA3edHwZ5UWAkAuzycXrVqcgtFh/J8FZA8lYHLF6ByHHILcdH/VmKY+vmPRaGSj+asuxV3hJU31dSESzqxgpyH2FRvZX9763h3rGOQfPI673ig0UBNuF6P6ZkzEfXOQrlzTG4v2BcJbnoR9TC3rRpiSE5dbqv6ZtbRnmD8Y+g2Cmjjv1hCu8inbNObSYHboOQnuRvbEFjJvy+oa4nymgqK+b8tz2d7fGCvHGwN9knyFqTNRR6GOff7wkUOAb3RHF9wLCsJevYbrTkfCvnuukiBqA9ZYqUAYM5+fujVcJ62by5OEpPdZGr23c4XLHwIDAQAB</public-key>
      <private-key>MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDpP9knoxf7YIaIyPYhmTWXbqqYADd50fBnlRYCQC7PJxetWpyC0WH8nwVkDyVgcsXoHIccgtx0f9WYpj6+Y9FoZKP5qy7FXeElTfV1IRLOrGCnIfYVG9lf3vreHesY5B88jrveKDRQE24Xo/pmTMR9c5CuXNMbi/YFwluehH1MLetGmJITl1uq/pm1tGeYPxj6DYKaOO/WEK7yKds05tJgdug5Ce5G9sQWMm/L6hrifKaCor5vy3PZ3t8YK8cbA32SfIWpM1FHoY59/vCRQ4BvdEcX3AsKwl69hutOR8K+e66SIGoD1lipQBgzn5+6NVwnrZvLk4Sk91kavbdzhcsfAgMBAAECggEBAJqZ/maeXLP629FoWnQUqAfyi1Jqulqdg5o0oDznq98Ui0YVDC5NeIRIJvuWanDOQk1CM2/7cQIrBTnD30y0vsVSB7nh9ANP4X6neK2lOWERspK1GPYO2nsIQgHdlMmP0wCBnxZ2UY5OAqfawYrzET4RznE0B513nJ9envmn2aEWfqs/RxwktBy796VYnYVHNoWMKhE/5SUPdFqjT8h1ol4NtkIqnFprXzmqBELcRt4fkzrY24wV+oWNHJYSSb9o3Bd5MuUeLw8p2RLMIColQ+zy00ssQPRWiK4sLLJsvcM+V2BfGa1b+tY5HccDOzI5x6YzHCC8oovNbU3n/zMYbpkCgYEA9r4HYKF2UUf1NpKEmZdHbg/cw99lNDYkJC/8tLTXnXRwg+mO5NKEVQzf3BRNL/SqKvj8EjhNBad/7ZdEukJYPWqv3Rz4y/0HFWZKYCpeh6fJvOeBmptxfG9SJ7IBqtjgHXz1JZJEnJa55bCKV48rtZI9PSk5ckT2iTqUaOEZVfUCgYEA8gA4NrM+13LD9jEQYFvxuPK+VBZzZfoxwbOOmA9b5EMNGjzvYr6RpZi5LJ7E+ehPMGa4iHZa1kyWJrUVLyWz7zVvVF8gZP/3DMB6I02cCqEqpDm/+Xf/9PEgukKWLrdHmFPIYg4LfVGu5wkXYPJkJ7ro/IFhTp6vSH4GJA6XnEMCgYEA3Mpmp51T1p/hWRf698Va8a3YCp4YXYQlCwy1wK4iUo8jL6cLas7GA6UlnDW+bC8vJozuYw9mPK0J2H0HzvQXKb4R6HZIW6DrecayvyKqvBD0gMlYPBTklEi45zRuMYcn5LswUpJ0OvrVFifHY1qF7lAR5GzDLvFu+pUkwETM+xECgYEA5Vmd7QF9ujSTUdz4F0qsUUsFZK4OWgR/aYOhza0ourFtVoOPoHbZlCakwIwMRIiNnGKN2w7IUjctSqvt0swZtshepYiuK+qGmfhFCPZBv7U0s4Xj0iuPUfXAvaXjrYyX9t7Yl02WSAPFDkMIfCHdF+ZFbyGzNg6gMsT1TvDhcP8CgYEAj2JBnFVFennyWxrsUyrwrQaXd5OG7MfHqmXCphaOHe+/7oxQ3DApaAfou+WE0iohHVEAI7gmxH2TYEj/q+nFug4yXvu3hiNvYcdH4596m0lI7qFm2vA3I/e4dRqHw/Rtds0v5PzYuXnH4o8vIENLhRHerXlX/Yqjt+iTCAOZkMg=</private-key>
    </asymmetric-key>
  </asymmetric-keys>
</keystore>
<netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server">
  <listen>
    <endpoint>
      <name>default-ssh</name>
      <ssh>
        <tcp-server-parameters>
          <local-address>0.0.0.0</local-address>
          <keepalives>
            <idle-time>1</idle-time>
            <max-probes>10</max-probes>
            <probe-interval>5</probe-interval>
          </keepalives>
        </tcp-server-parameters>
        <ssh-server-parameters>
          <server-identity>
            <host-key>
              <name>default-key</name>
              <public-key>
                <keystore-reference>genkey</keystore-reference>
              </public-key>
            </host-key>
          </server-identity>
          <client-authentication>
            <supported-authentication-methods>
              <publickey/>
              <passsword/>
            </supported-authentication-methods>
          </client-authentication>
        </ssh-server-parameters>
      </ssh>
    </endpoint>
  </listen>
</netconf-server>

michalvasko commented 1 year ago

Look at the output of the server when run with -d -v2. I have not mentioned before that you need to set up the server correctly as well to accept the SSH key. That is currently working just like for sshd(7): put the public key in ~/.ssh/authorized_keys for the user that is allowed to authorize using the SSH key.
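
A pre-flight check for the setup discussed in this thread, as an added example that is not part of the original comments and not netopeer2 code. It covers the relative-path pitfall reported above and the server-side `authorized_keys` requirement. The function name and return codes are hypothetical, and OpenSSH-format key files are assumed.

```shell
#!/bin/sh
# Added example: check a key pair before `auth keys add <public_key> <private_key>`.
# check_key_setup and its return codes are hypothetical, not part of netopeer2.
#
# Usage: check_key_setup PUBKEY PRIVKEY AUTHORIZED_KEYS
# Returns 0 when the setup looks usable, otherwise the first problem found:
#   2 relative path        3 file missing
#   4 files swapped or not in the assumed OpenSSH format
#   5 private key accessible to group/others
#   6 public key not listed in AUTHORIZED_KEYS
check_key_setup() {
    pub=$1 priv=$2 auth=$3

    # Relative paths resolve against the directory the CLI is started from,
    # so a stored relative path breaks when the CLI runs somewhere else.
    for f in "$pub" "$priv" "$auth"; do
        case $f in /*) ;; *) return 2 ;; esac
        [ -f "$f" ] || return 3
    done

    # The public key comes first, then the private key.
    # Assumed format: "type base64 [comment]" and a PEM-style private key header.
    case $(head -n 1 "$pub") in
        ssh-*\ *|ecdsa-*\ *) ;;
        *) return 4 ;;
    esac
    case $(head -n 1 "$priv") in
        "-----BEGIN "*"PRIVATE KEY-----") ;;
        *) return 4 ;;
    esac

    # Hygiene check mirroring the OpenSSH client: no group/other permission bits.
    perms=$(ls -ld "$priv" | cut -c5-10)
    [ "$perms" = "------" ] || return 5

    # Match the base64 blob (field 2 of the .pub file) against every
    # non-comment entry; options may precede the key type, so scan all fields.
    blob=$(awk 'NR == 1 { print $2 }' "$pub")
    awk -v b="$blob" '
        /^[ \t]*#/ { next }
        { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
        END { exit found ? 0 : 1 }' "$auth" || return 6
    return 0
}
```

Run it on the server host against the `~/.ssh/authorized_keys` file of the login user; a return code of 6 means the server has no entry for the key the CLI will offer.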