CenterClick NTP200 and NTP250 Documentation - SSH Authentication


Main

Docs
o Features
o Hardware
o Software
o Getting Started
o Release Notes
o Front Panel Button
o Front Panel LEDs
o USB Console
o Admin CLI
o Using HTTPS
o SSH Authentication
o Client List
o Antenna Issues
o Graphs

Live Demo

Help and Contact

Feedback and Bug Reports


Configuring SSH Authentication

By default SSH is disabled. SSH can be enabled on the USB admin console.

Password Authentication

When enabling SSH for the first time, you will be asked to configure an account password for the 'admin' user, this is the default authentication method.

NTP250> conf services
Configuring Services...

Service Commands:
  exit                                  Exit Service Menu
  no http                               Disable HTTP interface
  https                                 Enable HTTPS interface
  location privacy                      Enable Location Privacy on HTTP
  ssh                                   Enable SSH

NTP250[srv]> ssh
Enabling user admin... 
New password: 
Retype new password: 
Enabling SSH...

Service Commands:
  exit                                  Exit Service Menu
  no http                               Disable HTTP interface
  https                                 Enable HTTPS interface
  location privacy                      Enable Location Privacy on HTTP
  ssh password                          Update SSH password
  ssh authkeys                          Add SSH authorized keys
  no ssh                                Disable SSH

NTP250[srv]> 

Public Key Authentication

After SSH is enabled, you can add public key authentication. Once public key authentication is set up you can either remove the account password or leave it as an alternative authentication.

Enabling or updating public key authentication is a 3-step process.

  1. Create an 'authorized_keys' file containing 1 or more public key lines. This file is the same format as you'd find on any Linux system in the '${HOME}/.ssh/authorized_keys' file.
  2. Upload this file to the device using scp
  3. Apply the 'authorized_keys' file
NTP250> conf services
Configuring Services...

Service Commands:
  exit                                  Exit Service Menu
  no http                               Disable HTTP interface
  https                                 Enable HTTPS interface
  location privacy                      Enable Location Privacy on HTTP
  ssh password                          Update SSH password
  ssh authkeys                          Add SSH authorized keys
  no ssh                                Disable SSH

NTP250[srv]> ssh authkeys
ERROR: No new authorized_keys file found, you must scp it first

Create and upload the file using SCP in advance:

$ scp authorized_keys admin@ntp1.example.com:authorized_keys
admin@ntp1.example.com's password: 
authorized_keys                               100%  738   128.1KB/s   00:00    
$

NOTE: only specific SCP destinations are allowed, you must copy the file individually and to the exact destination above. Once uploaded it will be detected:

NTP250> conf services
Configuring Services...

Service Commands:
  exit                                  Exit Service Menu
  no http                               Disable HTTP interface
  https                                 Enable HTTPS interface
  location privacy                      Enable Location Privacy on HTTP
  ssh password                          Update SSH password
  ssh authkeys                          Add SSH authorized keys
  no ssh                                Disable SSH

NTP250[srv]> ssh authkeys
Installing SSH authorized keys file... 

Service Commands:
  exit                                  Exit Service Menu
  no http                               Disable HTTP interface
  https                                 Enable HTTPS interface
  location privacy                      Enable Location Privacy on HTTP
  ssh password                          Update SSH password
  no ssh password                       Disable SSH password based auth
  ssh authkeys                          Update SSH authorized keys
  no ssh authkeys                       Disable SSH authorized keys auth
  no ssh                                Disable SSH

NTP250[srv]> 

Note that once public key authentication is enabled, you can now disable password authentication if desired.

To update the authorized_keys file, simply scp it again and run 'ssh authkeys' again.



© 2021 CenterClick LLC