Articles in this section

See more

How to enable SSH key authentication for a local user?

Rey Lamuri
  • Updated
Follow

In Lighthouse allowing SSH key authentication needs to be done from the CLI.

Create the local user and make sure it’s enabled.
 
The command ogaddsshkey can append public key into authorized_keys file.
 

Usage: ogaddsshkey -u username [{-a authorized-key}] [-c RSA-certificate] [-p RSA-public-key] [-k RSA-private-key]
LH user SSH key update utility: sets SSH keys for users in the configuration database.
Options:
        -h, --help              Print this help
        -u, --username          The user to find and update SSH keys
        -a, --authorized-key            Append to user's authorized keys file
        -c, --certificate               RSA certificate
        -p, --public-key                RSA public key
        -k, --private-key               RSA private key
        -l, --log-to-stdlog     Enable logging
        -n, --no-syslog         Disable syslog logging (enables stdlog)
        -v, --verbose           Increase verbosity (repeat as desired)
        -d, --debug             Enable all debugging output (noisy!)


This is the syntax to add ssh-rsa key into user rey authorized_keys file. Don’t forget to double quote the entire ssh-rsa strings.
 

ogaddsshkey -u rey -a "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDvTambIBWEPDsxc0AVS7vIJ1m4nX8sW+iSKZReqn82VxnD4J/fD1AT1Naa1Gh5A0s7JJF7fm74r5jgfkcx11lCx75gq6LN9StXHwBVUHO4b3i33Kkx0x0CySYqOG6CR62KPlgWkTg7MLnclpaHz9Su57vrWM3CXjxZCHxdBugAdNuEkXjbAK7yhO3pfbl0YzNvafkggm8L078g+HGlEiAxLi1ar2ThtBV44EBDqEzKc401I+HuaVidA1wxlv+c3gu59FD0DmBGoR6kUK65px34yzVtKKRH+T1ZRMRMhPGz1vRAqpjjY/Y0Ou6CDZ9VfdXViyY/Cd0GCOTq5EWTbKTB rey@rey-dev"


Check the keys exist. If you see entries that’s not meant to be there, delete authorized_keys file and start again.

cat ~rey/.ssh/authorized_keys


To disable password authentication for this users run the command below to find the user index.

ogconfig-cli -c  "print users" | grep rey


The output shows it’s users[1] index.

users[1].username (string): 'rey'


Run this command to disable password authentication.

echo -e "set users[1].no_password true\npush\nquit\n" | ogconfig-cli -e


If you wish to stop using authorized_keys and remove all entries run this command.

echo -e "delete users[1].ssh.authorized_keys\npush\nquit\n" | ogconfig-cli -e

Related articles

Comments

0 comments

Article is closed for comments.

Powered by Zendesk