Linux/Unix的SSHkeygen示例
完成以下步骤设置您)连接的Linux/UNIX工作站(或服务器对ESA,不用密码。 在本例中,我们不会指定作为密码短语。
- 在您的工作站(或服务器上)使用unix命令SSHkeygen,请生成专用密钥:
$ ssh-keygen -b 2048 -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/[USERID]/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/[USERID]/.ssh/id_rsa.
Your public key has been saved in /home/[USERID]/.ssh/id_rsa.pub.
The key fingerprint is:
00:11:22:77:f6:a9:1e:19:f0:ca:28:9c:ff:00:11:22 [USERID]@hostname.com
The key's randomart image is:
+--[ RSA 2048]----+
| +... +|
| o= o+|
| o o ..|
| . ..o . + |
| . ES. o + |
| o + . . |
| o . . |
| o o |
| . . |
+-----------------+
(以上的*the从Ubuntu 14.04.1)生成
2)打开在#1 (id_rsa.pub)创建的公共密钥关键文件并且复制输出:
$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJg9W3DeGf83m+E/PLGzUFPalSoJz5F
t54Wl2wUS36NLxm4IO4Xfrrb5bA97I+ZA4YcB1l/HsFLZcoljAK4uBbmpY5kXg96A6Wf
mIYMnl+nV2vrhrODgbcicEAdMcQN3wWHXiEWacV+6u+FlHlonkSAIDEug6vfnd+bsbcP
Zz2uYnx1llxbVtGftbWVssBK3LkFp9f0GwDiYs7LsXvQbTkixrECXqeSrr+NLzhU5hf6
eb9Kn8xjytf+eFbYAslam/NEfl9i4rjide1ebWN+LnkdcE5eQ0ZsecBidXv0KNf45RJa
KgzF7joke9niLfpf2sgCTiFxg+qZ0rQludntknw [USERID]@hostname.com
- 登陆到您的设备并且配置您的ESA认可您的工作站(或服务器)使用您在#1创建的公共SSH密钥,并且确认更改。 在登录期间,注意密码提示:
$ ssh admin@192.168.0.199
CONNECTING to myesa.local
Please stand by...
Password:[PASSWORD]
Last login: Mon Aug 18 14:11:40 2014 from 192.168.0.200
Copyright (c) 2001-2013, Cisco Systems, Inc.
AsyncOS 8.5.6 for Cisco C100V build 074
Welcome to the Cisco C100V Email Security Virtual Appliance
myesa.local> sshconfig
Currently installed keys for admin:
Choose the operation you want to perform:
- NEW - Add a new key.
- USER - Switch to a different user to edit.
[]> new
Please enter the public SSH key for authorization.
Press enter on a blank line to finish.
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJg9W3DeGf83m+E/PLGzUFPalSoJz5F
t54Wl2wUS36NLxm4IO4Xfrrb5bA97I+ZA4YcB1l/HsFLZcoljAK4uBbmpY5kXg96A6Wf
mIYMnl+nV2vrhrODgbcicEAdMcQN3wWHXiEWacV+6u+FlHlonkSAIDEug6vfnd+bsbcP
Zz2uYnx1llxbVtGftbWVssBK3LkFp9f0GwDiYs7LsXvQbTkixrECXqeSrr+NLzhU5hf6
eb9Kn8xjytf+eFbYAslam/NEfl9i4rjide1ebWN+LnkdcE5eQ0ZsecBidXv0KNf45RJa
KgzF7joke9niLfpf2sgCTiFxg+qZ0rQludntknw [USERID]@hostname.com
Currently installed keys for admin:
- ssh-rsa AAAAB3NzaC1yc2EAA...rQludntknw ([USERID]@hostname.com)
Choose the operation you want to perform:
- NEW - Add a new key.
- DELETE - Remove a key.
- PRINT - Display a key.
- USER - Switch to a different user to edit.
[]>
myesa.local> commit
- 退出在设备和重新登录外面。 注意密码提示删除,并且访问直接地授权:
myesa.local> exit
Connection to 192.168.0.199 closed.
robert@ubuntu:~$ ssh admin@192.168.0.199
CONNECTING to myesa.local
Please stand by...
Last login: Mon Aug 18 14:14:50 2014 from 192.168.0.200
Copyright (c) 2001-2013, Cisco Systems, Inc.
AsyncOS 8.5.6 for Cisco C100V build 074
Welcome to the Cisco C100V Email Security Virtual Appliance
myesa.local>
完成上面操作后,我们可以编写脚本自动登陆思科设备了。
脚本如下:
conn_ssh_keys.py
#!/usr/bin/env python
from netmiko import Netmiko
from getpass import getpass
key_file = "/home/gituser/.ssh/test_rsa"
cisco1 = {
'device_type': 'cisco_ios',
'host': 'cisco1.twb-tech.com',
'username': 'testuser',
'use_keys': True,
'key_file': key_file,
}
net_connect = Netmiko(**cisco1)
print(net_connect.find_prompt())
output = net_connect.send_command("show ip arp")
print(output)
