- Written by Philip Bradish
- Posted on September 17, 2024
- Updated on September 17, 2024
- 730 Views
This document describes the support for performing SSH authentication with X.509 certificates. Authentication to SSH can be completed using a number of different methods. Public key, password and keyboard interactive are supported in EOS. Certificate login is a type of public key authentication in which the public key does not have to be stored on the server. Instead trusted certificate authorities are installed. A presented certificate must be signed either directly or indirectly by one of these trusted certificate authorities to allow authentication to the device. Support for OpenSSH certificates (also known as SSH Certificates) was added in 4.22.1F.
- Written by Philip Bradish
- Posted on August 18, 2022
- Updated on August 23, 2022
- 6435 Views
This document describes the support for authenticating users using SSH certificates and the authorized principals command in EOS. SSH certificate authentication was previously restricted to just using the authorized principals file. This file is populated by configuring authorized principals for each user. In order to login with a SSH certificate a user must present a certificate that includes at least one of their configured principals. The authorized principals command allows this list of configured principals to be generated by an executable dynamically at runtime. This provides a more flexible and scalable way to perform SSH certificate authentication.
- Written by Philip Bradish
- Posted on June 15, 2022
- Updated on January 24, 2023
- 6388 Views
This document describes the EOS SDK next hop group version number feature. The feature exposes a version number for each next hop group to clients interacting with EOS SDK. The version number is incremented when the next hop group is modified. The client can choose to receive the current version number when they modify a next hop group. Additionally, they can optionally receive it when the next hop group is programmed in hardware.