goal

the 3 linux systems should be able to ssh each other with out a password

.....

topology

topology

.....

credentials

default

cumulus - cumulus/CumulusLinux! and root/nopassword

ubuntu - root/nopassword

setup root password

root@host3:~# passwd root
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

.....

enable ssh

the ssh server can be setup on a linux system with the openssh-server package, in cumulus (switches 1 and 2) its installed by default. it may have to be installed on ubuntu such as the ubuntu docker container on gns3

check if the package is already there

cumulus@cumulus:~$ apt list --installed | grep openssh-server

root@host3:~# apt update    #doesn't upgrade, just to ensure the latest versions  of the packages will be available

root@host3:~# apt install openssh-server    #to install the openssh-server package

#use an editor such as nano or vi to edit any file, cat is used to view the contents of a file

root@host3:~# cat /etc/ssh/sshd_config | grep RootLogin
PermitRootLogin yes

root@host3:~# service ssh start    #service to be deprecated and replaced by systemctl

.....

optional - setup static ips for stability in the lab after reboots etc.

/etc/network/interfaces

auto eth0
iface eth0 inet static
address 192.168.122.33    #for host3
netmask 255.255.255.0
gateway 192.168.22.1

.....

hostname and hosts

edit the hostname and edit the hosts file on each system, to create ip-name maps

for example, on host3:

root@host3:~# cat /etc/hostname
host3

root@host3:~# cat /etc/hosts
127.0.1.1 host3    #local
192.168.122.11 switch1
192.168.122.22 switch2

127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

.....

ssh key generation

the ~/.ssh directory (~ refers to home, when logged in as cumulus it indicates /home/cumulus, and when logged in as root it indicates /root) will not be present by default, it will be created automatically, along with the associated files id_rsa(private) and id_rsa.pub(public) when the ssh key is generated, this has to be done on all 3 systems

cumulus@switch1:~$ cat .ssh
cat: /home/cumulus/.ssh: No such file or directory

#ssh key generation for the id root in switch1

root@switch1:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
59:a9:df:36:52:a2:fb:e1:64:97:b1:53:a4:20:e0:68 root@switch1
The key's randomart image is:
+---[RSA 2048]----+
| . |
| o . . |
| E . . + . |
| . = . o |
| S . + . |
| o + = |
| . * O |
| = = o |
| ..o |
+-----------------+

#ssk key generation for the id cumulus in switch2

cumulus@switch2:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/cumulus/.ssh/id_rsa):
Created directory '/home/cumulus/.ssh'.
Enter passphrase (empty for no passphrase):    #we can keep this nil
Enter same passphrase again:    #for a complete password/passphrase free access
Your identification has been saved in /home/cumulus/.ssh/id_rsa.
Your public key has been saved in /home/cumulus/.ssh/id_rsa.pub.
The key fingerprint is:
94:06:d8:5f:c8:f7:1d:68:c7:72:99:e0:36:a6:4d:32 cumulus@switch2
The key's randomart image is:
+---[RSA 2048]----+
| o.. . .+ o |
| . ..o.o.+ B |
| .+oEo*= . |
| o. O... |
| S . . |
| |
| |
| |
| |
+-----------------+

note that, ssh key has to be generated for each username as required, in this case it was done for the username cumulus, it can be done for the username root as well, however on ubuntu since there is only one username root, it has to generated for that username. no additional usernames are created for this exercise

.....

copy the public key to the remote systems

the public key generated on the local system for that particular username (~./ssh/id_rsa.pub) has to be copied and pasted on to the remote system for a specific username here - ~/.ssh/authorized_keys

#there are two things to note here - local username - remote username, and local file - remote file

copying can be achieved in few ways such as ssh_copy_id / scp / echo etc.

scp will be used in this document, as its a better choice to copy the public key between different or same usernames among systems

cumulus@switch1:~$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdJGyorw2+xGrU64hwoVw1bRiILxbAPiyv6sDUuTS1hZ3tR33OaG8KDUFOVKvLhLqxq+n915I358Q/PgnntR3wmOXCQURQyWa/hj/+LCl8hAlBvn1K26yfZaArOY161hYbEfusCTRfQ9B9aIfVWLb/o+Pso5M3wOcLXiLXagMoy2v53HSnAUVAyoCzDv46DzG17aQbz74ccgppHEyWPYdKW/C2Mea0rTaaoklhSbl1JaiBdcY0NP8dQi1iI8ATDVN4MaJINUPgkbnSyJmokanbAsrhi9GSa5FOgA8G9oINISCQjsxsCMZClFn9gQlt2EuN4TZK5iTBi+b2hGT1DqgR cumulus@switch1

the public key of the local system, for example: switch1, should be copied and appended to the respective '.ssh/authorised_keys' file of the remote systems, in this case - switch2 and host3.

format: scp local_file user@remote_hostname:remotefile

cumulus@switch1:~$ scp .ssh/id_rsa.pub root@host3:.ssh/authorized_keys
The authenticity of host 'host3 (192.168.122.33)' can't be established.
ECDSA key fingerprint is b8:ba:55:02:38:e3:62:6b:08:12:d6:73:91:79:66:2a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'host3,192.168.122.33' (ECDSA) to the list of known hosts.
root@host3's password:
id_rsa.pub 100% 397 0.4KB/s 00:00

root@switch1:~# scp .ssh/id_rsa.pub host3:.ssh/authorized_keys
root@host3's password:
id_rsa.pub 100% 394 0.4KB/s 00:00
.....

verify the authorized_keys file, if required

cumulus@switch2:~$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdJGyorw2+xGrU64hwoVw1bRiILxbAPiyv6sDUuTS1hZ3tR33OaG8KDUFOVKvLhLqxq+n915I358Q/PgnntR3wmOXCQURQyWa/hj/+LCl8hAlBvn1K26yfZaArOY161hYbEfusCTRfQ9B9aIfVWLb/o+Pso5M3wOcLXiLXagMoy2v53HSnAUVAyoCzDv46DzG17aQbz74ccgppHEyWPYdKW/C2Mea0rTaaoklhSbl1JaiBdcY0NP8dQi1iI8ATDVN4MaJINUPgkbnSyJmokanbAsrhi9GSa5FOgA8G9oINISCQjsxsCMZClFn9gQlt2EuN4TZK5iTBi+b2hGT1DqgR cumulus@switch1

.....

action

no password from cumulus@switch1 to root@host3

cumulus@switch1:~$ ssh root@host3
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-31-generic x86_64)

* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
Last login: Thu Dec 28 03:51:30 2017 from 192.168.122.184

no password from root@switch2 to root@host3

root@switch2:~# scp .ssh/id_rsa.pub host3:.ssh/authorized_keys
root@host3's password:
id_rsa.pub 100% 394 0.4KB/s 00:00
root@switch2:~# ssh host3
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-31-generic x86_64)

* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
Last login: Thu Dec 28 04:32:42 2017 from 192.168.122.11

.....

reference

https://cumulusnetworks.com

https://debian-administration.org/article/152/Password-less_logins_with_OpenSSH

—end-of-document—