For When You Can't Have The Real Thing
[ start | index | login ]
start > FortiOS > 5.6 > SSH PubKey Login

SSH PubKey Login

Created by dave. Last edited by dave, 211 days ago. Viewed 272 times. #1
[edit] [rdf]
labels
attachments
(2018-12-19)

Problem

Want SSH Pubkey authentication for my AD-backed administrative user. Specifically because having to have my AD password in plaintext in my home directory in order for rancid to work is stupid, security-wise.

Solution

conf global
conf sys admin
edit "dave"
set remote-auth enable
set trusthost1 10.30.1.0 255.255.255.0
set accprofile "super_admin"
set vdom "root" "Primary" "Edge"
set ssh-public-key1 "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAr8/DqD4U932SnoA1Kdqyphz2g2w8xQBdbyqcT69HWLJjMhlRgtV9ihjx+Y4Di4FwOaKRiAamrad5I5VodpkYyDWi5hAd9zepv/g8mtNfVnnyws0qg58tABp2Q1xFvbRvm8dh4NNqX3sVUXXBphmGl9BZeHtCEcLh0aLgSU5nbtDDVVtrvqWu6QvdGTvZrkyi9junmOPExL6aboFBzzVxxixkpJ7GxZnOS91KIi97AaE0j595HucxBLY43JBndOxRcV35TRQt0mbNDu4RNh4YO4Z5DWnrnH0o0AdtICXoZDOFLwtK0ewyNeTD4utaggHZTCf5JY84A/37GitdR8iayofSggpmt8QhPR11wSlO5SZ7XIavl4KQMWPaj+pi+gg7CYWl8UqG0TYnSHwC40VTTONzqOK4qQKVwbqXACloUKGQBNnD+v824o41TkJ8s49RO0RzBAK2W5pH8MvzC32r3HW1mHV7fZimTOno4536Nffkzx5cX89iBLBPLcb3m3okgGpktRfLwPNMSmEMeqYpwz3RvpvPzBt+L53pUwQuCBL7tBYsMMgD4ej5RJvtoEsQeP2LMn50Mk3BrdgjSbYxv3haZsUKAz9OfvgoRYW98L8ScJU3ONvCPC/L3stKfZoEftl7TUUooqqa1mCI08pM9Biyby0vkGJNhmun3RZi4ak= dave@store02"
set remote-group "AD-Administrators"
next
end
end

Now I can log in passwordless via ssh, and I still get challenged for my AD password when I use the web interface.

no comments | post comment
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.

Useful:


snipsnap.org | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt