CenterClick NTP200 Series Documentation - SSH Authentication

Configuring SSH Authentication

If your device has a default admin password printed on the label SSH is enabled by default, otherwise SSH is disabled by default. SSH can be enabled on the USB admin console.

Password Authentication

SSH will be automatically enabled and disabled whenever the admin password and/or admin authkeys are configured

NTP250> conf services
NTP250[srv]> admin password
Enabling user admin... 
New password: 
Retype new password: 
Enabling SSH...
NTP250[srv]> 

Public Key Authentication

After SSH is enabled, you can add public key authentication. Once public key authentication is set up you can either remove the account password or leave it as an alternative authentication. NOTE that if you remove the admin password, the USB console will no longer require authentication.

Enabling or updating public key authentication is a 3-step process.

1. Create an 'authorized_keys' file containing 1 or more public key lines. This file is the same format as you'd find on any Linux system in the '${HOME}/.ssh/authorized_keys' file.
2. Upload this file to the device using scp
3. Apply the 'authorized_keys' file

NTP250> conf services
NTP250[srv]> admin authkeys
ERROR: No new authorized_keys file found, you must scp it first

Create and upload the file using SCP in advance:

$ scp -O authorized_keys admin@ntp1.example.com:authorized_keys
admin@ntp1.example.com's password: 
authorized_keys                               100%  738   128.1KB/s   00:00    
$

NOTE: only specific SCP destinations are allowed, you must copy the file individually and to the exact destination above. Once uploaded it will be detected:

NTP250> conf services
NTP250[srv]> admin authkeys
Installing SSH authorized keys file... 
NTP250[srv]> 

Note that once public key authentication is enabled, you can now disable password authentication if desired.

To update the authorized_keys file, simply scp it again and run admin authkeys' again.