From 4872481ebca1a455339a6c1251c36b2f4938901d Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 20 Dec 2019 17:55:09 +0100 Subject: user-management: migrate to new clicmd syntax --- docs/services/ssh.rst | 50 +------------------------------------------------- 1 file changed, 1 insertion(+), 49 deletions(-) (limited to 'docs/services') diff --git a/docs/services/ssh.rst b/docs/services/ssh.rst index 9a1418d3..fde575ea 100644 --- a/docs/services/ssh.rst +++ b/docs/services/ssh.rst @@ -101,53 +101,5 @@ This could be used to harden security. .. note:: VyOS 1.1 supported login as user ``root``. This has been removed due to tighter security in VyOS 1.2. -Key Based Authentication -======================== +.. seealso:: SSH :ref:`ssh_key_based_authentication` -It is highly recommended to use SSH Key authentication. By default there is -only one user (``vyos``), and you can assign any number of keys to that user. -You can generate a ssh key with the ``ssh-keygen`` command on your local -machine, which will (by default) save it as ``~/.ssh/id_rsa.pub``. - -Every SSH key comes in three parts: - -``ssh-rsa AAAAB3NzaC1yc2EAAAABAA...VBD5lKwEWB username@host.example.com`` - -Only the type (``ssh-rsa``) and the key (``AAAB3N...``) are used. Note that the -key will usually be several hundred characters long, and you will need to copy -and paste it. Some terminal emulators may accidentally split this over several -lines. Be attentive when you paste it that it only pastes as a single line. -The third part is simply an identifier, and is for your own reference. - -.. cfgcmd:: set system login user '' authentication public-keys '' key '' - -Assign the SSH public key portion `` identified by per-key `` -to the local user ``. - -.. cfgcmd:: set system login user '' authentication public-keys '' type '' - -Every SSH public key portion referenced by `` requires the -configuration of the `` of public-key used. This type can be any of: - -* ``ecdsa-sha2-nistp256`` -* ``ecdsa-sha2-nistp384`` -* ``ecdsa-sha2-nistp521`` -* ``ssh-dss`` -* ``ssh-ed25519`` -* ``ssh-rsa`` - -.. note:: You can assign multiple keys to the same user by using a unique - identifier per SSH key. - -Example -------- - -In the following example, both User1 and User2 will be able to SSH into VyOS -as the ``vyos`` user using their own keys. - -.. code-block:: none - - set system login user vyos authentication public-keys 'User1' key "AAAAB3Nz...KwEW" - set system login user vyos authentication public-keys 'User1' type ssh-rsa - set system login user vyos authentication public-keys 'User2' key "AAAAQ39x...fbV3" - set system login user vyos authentication public-keys 'User2' type ssh-rsa -- cgit v1.2.3