summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorerkin <e.altunbas@vyos.io>2022-03-10 17:51:19 +0300
committererkin <e.altunbas@vyos.io>2022-03-10 17:51:19 +0300
commitf3e59ac1cd00f92524c6297b9924240a16507032 (patch)
treeba3d792e9bf7e3be69a47840861de4f39fb113a1
parent221be1eb0623061ffb9c07751255532f54a8486b (diff)
downloadvyos-documentation-f3e59ac1cd00f92524c6297b9924240a16507032.tar.gz
vyos-documentation-f3e59ac1cd00f92524c6297b9924240a16507032.zip
Introduce `generate public-key-command` and deprecate `loadkey`
-rw-r--r--docs/configuration/service/ssh.rst37
-rw-r--r--docs/configuration/system/login.rst6
2 files changed, 39 insertions, 4 deletions
diff --git a/docs/configuration/service/ssh.rst b/docs/configuration/service/ssh.rst
index 24881186..e03d1e70 100644
--- a/docs/configuration/service/ssh.rst
+++ b/docs/configuration/service/ssh.rst
@@ -127,8 +127,8 @@ Operation
.. opcmd:: generate ssh client-key /path/to/private_key
- Re-generated a known pub/private keyfile which can e.g. used to connect to
- other services (RPKI cache).
+ Re-generated a known pub/private keyfile which can be used to connect to
+ other services (e.g. RPKI cache).
Example:
@@ -153,5 +153,36 @@ Operation
| =.. o=.oo|
+----[SHA256]-----+
- Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub``
+ Two new files ``/config/auth/id_rsa_rpki`` and
+ ``/config/auth/id_rsa_rpki.pub``
will be created.
+
+.. opcmd:: generate public-key-command name <username> path <location>
+
+ Generate the configuration mode commands to add a public key for
+ :ref:`ssh_key_based_authentication`.
+ ``<location>`` can be a local path or a URL pointing at a remote file.
+
+ Supported remote protocols are FTP, FTPS, HTTP, HTTPS, SCP/SFTP and TFTP.
+
+ Example:
+
+ .. code-block:: none
+
+ alyssa@vyos:~$ generate public-key-command name alyssa path sftp://example.net/home/alyssa/.ssh/id_rsa.pub
+ # To add this key as an embedded key, run the following commands:
+ configure
+ set system login user alyssa authentication public-keys alyssa@example.net key AAA...
+ set system login user alyssa authentication public-keys alyssa@example.net type ssh-rsa
+ commit
+ save
+ exit
+
+ ben@vyos:~$ generate public-key-command user ben path ~/.ssh/id_rsa.pub
+ # To add this key as an embedded key, run the following commands:
+ configure
+ set system login user ben authentication public-keys ben@vyos key AAA...
+ set system login user ben authentication public-keys ben@vyos type ssh-dss
+ commit
+ save
+ exit
diff --git a/docs/configuration/system/login.rst b/docs/configuration/system/login.rst
index 61201de7..89ef7e2f 100644
--- a/docs/configuration/system/login.rst
+++ b/docs/configuration/system/login.rst
@@ -84,6 +84,10 @@ The third part is simply an identifier, and is for your own reference.
.. cfgcmd:: loadkey <username> <location>
+ **Deprecation notice:** ``loadkey`` has been deprecated in favour of
+ :opcmd:`generate public-key-commands` and will be removed in a future
+ version. See :ref:`ssh`.
+
SSH keys can not only be specified on the command-line but also loaded for
a given user with `<username>` from a file pointed to by `<location>.` Keys
can be either loaded from local filesystem or any given remote location
@@ -122,7 +126,7 @@ Dial-In User Service)` servers as backend for user authentication.
Configuration
-------------
-.. cfgcmd:: set system login radius server <address> key <secret>
+.. cfgcmd:: set system login radius server <address> secret <secret>
Specify the `<address>` of the RADIUS server user with the pre-shared-secret
given in `<secret>`. Multiple servers can be specified.