- Written by Diego Asturias
- Posted on 6月 26, 2026
- Updated on 7月 1, 2026
- 79 Views
eAPI over SSH provides programmatic access to Arista EOS Command API using SSH as the transport protocol, offering an alternative to HTTP/HTTPS-based eAPI. This feature enables network automation tools and scripts to execute CLI commands and retrieve structured output via JSON-RPC 2.0 over an SSH connection.
The feature uses the standard SSH subsystem mechanism, allowing clients to invoke the "eapi" subsystem after SSH authentication. Commands and responses use the same JSON-RPC 2.0 format as HTTP-based eAPI, ensuring compatibility with existing eAPI client libraries and scripts with minimal modifications.
- Written by Niranjan Mahabaleshwar
- Posted on 2月 12, 2024
- Updated on 2月 12, 2024
- 7829 Views
EOS allows the generation of the following SSH keys, which can be used as host keys with default names.
- Written by Philip Bradish
- Posted on 8月 18, 2022
- Updated on 8月 23, 2022
- 11179 Views
This document describes the support for authenticating users using SSH certificates and the authorized principals command in EOS. SSH certificate authentication was previously restricted to just using the authorized principals file. This file is populated by configuring authorized principals for each user. In order to login with a SSH certificate a user must present a certificate that includes at least one of their configured principals. The authorized principals command allows this list of configured principals to be generated by an executable dynamically at runtime. This provides a more flexible and scalable way to perform SSH certificate authentication.
- Written by Philip Bradish
- Posted on 9月 17, 2024
- Updated on 1月 8, 2025
- 5651 Views
This document describes the support for performing SSH authentication with X.509 certificates. Authentication to SSH can be completed using a number of different methods. Public key, password and keyboard interactive are supported in EOS. Certificate login is a type of public key authentication in which the public key does not have to be stored on the server. Instead certificates belonging to trusted certificate authorities (CAs) are installed.
- Written by Dylan Walsh
- Posted on 4月 17, 2026
- Updated on 4月 17, 2026
- 387 Views
As of EOS-4.36.0F, a configurable user session timeout is supported for console, SSH, and telnet management sessions. This feature closes the user session (interactive) once the specified duration has been reached, regardless of user activity and independent of any configured idle-timeout. Upon session termination, a system message is generated to indicate the session’s closure. This feature is disabled by default.
