Is it possible to configure this? I have, for other devices [routers, PCs etc.], used PuTTYgen to generate "certificate pairs" so that I can create "passwordless" but secure access via pre-configured PuTTY sessions. Is that possible for ADM and, if so, how do I do it?
I did search the forum first but was unable to find anything that looked immediately relevant. Some posts mention that this has been done but, to me, it's not so obvious. I'd prefer to use a proven [& safe] method of uploading the certificates. Thanks.
Certificated [Passwordless] SSH Access
-
Twincam
- Posts: 3
- youtube meble na wymiar Warszawa
- Joined: Wed Oct 02, 2024 1:13 am
-
jharv
- Posts: 1
- Joined: Sat Oct 05, 2024 2:44 am
Re: Certificated [Passwordless] SSH Access
This works today for Admin and other added users, on my AS6706T running 4.3.2.R9Q2. I have not made this work for "root."
1) SSH into your device as "admin." This will ensure the /home/admin/.ssh folder is created.
2) Create/edit /home/admin/.ssh/authorized_keys and add a Public Key from a keypair.
3) In putty, create/edit a session for connecting to your device. In Connection -> SSH -> Auth -> Credentials, browse for the Private Key of the keypair, and Save.
Start a putty session to your device, give the admin username, and my system responds with:
login as: admin
Authenticating with public key "ecdsa-key-20240612_harv2asustor"
admin@XXXXXXXX:/volume1/home/admin $
I would recommend trying the keypair out on another system, to make sure the format is correct, and so on; the default putty public key format is NOT useful; you need to massage the key. Mine (in authorized_keys) looks like this...
ecdsa-sha2-nistp256 AAAAE2Vj <removed> D2KzY= ecdsa-key-20240612_harv2asustor
[edit]
Oh! My notes say that at the top of the putty keygen dialog box, there is a button/knob for:
Public key for pasting into OpenSSH authorized_keys file.
Use that, and, after saving the file, make sure it's linux/unix LF, and not "windows" format.
Good hunting.
\john
1) SSH into your device as "admin." This will ensure the /home/admin/.ssh folder is created.
2) Create/edit /home/admin/.ssh/authorized_keys and add a Public Key from a keypair.
3) In putty, create/edit a session for connecting to your device. In Connection -> SSH -> Auth -> Credentials, browse for the Private Key of the keypair, and Save.
Start a putty session to your device, give the admin username, and my system responds with:
login as: admin
Authenticating with public key "ecdsa-key-20240612_harv2asustor"
admin@XXXXXXXX:/volume1/home/admin $
I would recommend trying the keypair out on another system, to make sure the format is correct, and so on; the default putty public key format is NOT useful; you need to massage the key. Mine (in authorized_keys) looks like this...
ecdsa-sha2-nistp256 AAAAE2Vj <removed> D2KzY= ecdsa-key-20240612_harv2asustor
[edit]
Oh! My notes say that at the top of the putty keygen dialog box, there is a button/knob for:
Public key for pasting into OpenSSH authorized_keys file.
Use that, and, after saving the file, make sure it's linux/unix LF, and not "windows" format.
Good hunting.
\john
-
Twincam
- Posts: 3
- Joined: Wed Oct 02, 2024 1:13 am
Re: Certificated [Passwordless] SSH Access
Thanks for this, John. I have now tried this with both 4.3.2.R9Q2 & 4.3.3.RC92 [to which I updated in December]. I perfectly understood your very clear instructions and was immediately familiar with what was required.
Unfortunately, logging-in as "admin" did not create the "/home/admin/.ssh" folder. Undaunted, I created it manually as well as the remaining items. In both cases [and I tried several times], I was still prompted for my password in the PuTTY dialog.
I will try again after the resolution of a current support Ticket. My apologies for not responding sooner - I thought I had!
Unfortunately, logging-in as "admin" did not create the "/home/admin/.ssh" folder. Undaunted, I created it manually as well as the remaining items. In both cases [and I tried several times], I was still prompted for my password in the PuTTY dialog.
I will try again after the resolution of a current support Ticket. My apologies for not responding sooner - I thought I had!
-
Twincam
- Posts: 3
- Joined: Wed Oct 02, 2024 1:13 am
Re: Certificated [Passwordless] SSH Access
After upgrading to ADM 5.0.0.BEO2 the new "SSH Keys" function works as expected AFTER a reboot [not prompted].