summaryrefslogtreecommitdiff
path: root/docs/services/ssh.rst
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2019-12-20 17:55:09 +0100
committerChristian Poessinger <christian@poessinger.com>2019-12-20 17:55:09 +0100
commit4872481ebca1a455339a6c1251c36b2f4938901d (patch)
tree5542e2c54dd08d023c5fd0f0a762a8859d3c59e3 /docs/services/ssh.rst
parent925dc9d5e64a881825653ddd5df13e2672792947 (diff)
downloadvyos-documentation-4872481ebca1a455339a6c1251c36b2f4938901d.tar.gz
vyos-documentation-4872481ebca1a455339a6c1251c36b2f4938901d.zip
user-management: migrate to new clicmd syntax
Diffstat (limited to 'docs/services/ssh.rst')
-rw-r--r--docs/services/ssh.rst50
1 files changed, 1 insertions, 49 deletions
diff --git a/docs/services/ssh.rst b/docs/services/ssh.rst
index 9a1418d3..fde575ea 100644
--- a/docs/services/ssh.rst
+++ b/docs/services/ssh.rst
@@ -101,53 +101,5 @@ This could be used to harden security.
.. note:: VyOS 1.1 supported login as user ``root``. This has been removed due
to tighter security in VyOS 1.2.
-Key Based Authentication
-========================
+.. seealso:: SSH :ref:`ssh_key_based_authentication`
-It is highly recommended to use SSH Key authentication. By default there is
-only one user (``vyos``), and you can assign any number of keys to that user.
-You can generate a ssh key with the ``ssh-keygen`` command on your local
-machine, which will (by default) save it as ``~/.ssh/id_rsa.pub``.
-
-Every SSH key comes in three parts:
-
-``ssh-rsa AAAAB3NzaC1yc2EAAAABAA...VBD5lKwEWB username@host.example.com``
-
-Only the type (``ssh-rsa``) and the key (``AAAB3N...``) are used. Note that the
-key will usually be several hundred characters long, and you will need to copy
-and paste it. Some terminal emulators may accidentally split this over several
-lines. Be attentive when you paste it that it only pastes as a single line.
-The third part is simply an identifier, and is for your own reference.
-
-.. cfgcmd:: set system login user '<username>' authentication public-keys '<identifier>' key '<key>'
-
-Assign the SSH public key portion `<key>` identified by per-key `<identifier>`
-to the local user `<username>`.
-
-.. cfgcmd:: set system login user '<username>' authentication public-keys '<identifier>' type '<type>'
-
-Every SSH public key portion referenced by `<identifier>` requires the
-configuration of the `<type>` of public-key used. This type can be any of:
-
-* ``ecdsa-sha2-nistp256``
-* ``ecdsa-sha2-nistp384``
-* ``ecdsa-sha2-nistp521``
-* ``ssh-dss``
-* ``ssh-ed25519``
-* ``ssh-rsa``
-
-.. note:: You can assign multiple keys to the same user by using a unique
- identifier per SSH key.
-
-Example
--------
-
-In the following example, both User1 and User2 will be able to SSH into VyOS
-as the ``vyos`` user using their own keys.
-
-.. code-block:: none
-
- set system login user vyos authentication public-keys 'User1' key "AAAAB3Nz...KwEW"
- set system login user vyos authentication public-keys 'User1' type ssh-rsa
- set system login user vyos authentication public-keys 'User2' key "AAAAQ39x...fbV3"
- set system login user vyos authentication public-keys 'User2' type ssh-rsa