SSH authentication without password in Fortigate 3.0
The document introduce how to set up authenticate a admin without password required in Foritigate 3.0.
1, Generate SSH key pair, you can choose ssh-dss or ssh-rsa type key.
on the unix or linux server, issue
#ssh-keygen -t dsa -b 1024
then a dsa key pair was generated under ~username/.ssh
#ls -a
. .. id_dsa id_dsa.pub id_rsa id_rsa.pub known_hosts
#cat id_dsa.pub
ssh-dss AAAAB3NzaC1kc3MAAACBANzTZaNQUBUy8U9u5FrBY3LPDKqLNbItb3n1WTNgt
3pe8qKgDvhLtdAO+a8/HLV5jqHzZ+FJRdHG2VeuZtZ87UWA2If7nOTTkBKoWl4DNXZjN/
nbNBXmFuqojQDNbwbbZaFhX4nC6TWm5x4bPnIFphR9gcxYzF62JLyVB5kDnJkjAAAAFQ
CTZZco/dbvgn2iKtMnEvmuy0dHwQAAAIBZX3WPfEvwXTQNRXvLvNKFeN7b+2Lx8YYaVL
eqV4imfhZx07VusV33zZFlcYsY7YZs1+NhdyG3AIrlYMkGguZ7c9+f407oGLVkk+G3S6
8Vw4Hl/KRORS8JB3TR5akAoSmIbmcwkGrWq5mQ90KHI7CSDK7zq/Gntkn/H452NUW16Q
AAAIAoT+cDlFYRWTS6OfRnmnBiCU+O+RnpRe2V1e5dnbNVD3l0pIrt2uqCnpM6CrueQC
qcnP9rjej/GpQEPhGm8Yq+l4PgRueWoDgpb5r4TsKncwAUvt8OXfslRRLR1egURKr7pN
1wTFD/m5zZTfurxXEzRIGu/3RpWaT9ZeFM9qhbUg== allenzhang@myhost
As an alternative key choosen, you can use rsa as well.
2, copy the id_dsa.pub to Fortigate
perform below command,
#config system admin
#edit youradmin
#set ssh-public-key1 "ssh-dss AAAAB3NzaC1kc3MAAACBANzTZaNQUBUy8U9u5FrBY3LPDKqLNbItb3n1WTNgt3pe8qKg
DvhLtdAO+a8/HLV5jqHzZ+FJRdHG2VeuZtZ87UWA2If7nOTTkBKoWl4DNXZjN/nbNBXm
FuqojQDNbwbbZaFhX4nC6TWm5x4bPnIFphR9gcxYzF62JLyVB5kDnJkjAAAAFQCTZZco
/dbvgn2iKtMnEvmuy0dHwQAAAIBZX3WPfEvwXTQNRXvLvNKFeN7b+2Lx8YYaVLeqV4im
fhZx07VusV33zZFlcYsY7YZs1+NhdyG3AIrlYMkGguZ7c9+f407oGLVkk+G3S68Vw4Hl
/KRORS8JB3TR5akAoSmIbmcwkGrWq5mQ90KHI7CSDK7zq/Gntkn/H452NUW16QAAAIAo
T+cDlFYRWTS6OfRnmnBiCU+O+RnpRe2V1e5dnbNVD3l0pIrt2uqCnpM6CrueQCqcnP9r
jej/GpQEPhGm8Yq+l4PgRueWoDgpb5r4TsKncwAUvt8OXfslRRLR1egURKr7pN1wTFD/
m5zZTfurxXEzRIGu/3RpWaT9ZeFM9qhbUg== allenzhang@myhost"
#end
as an alternative choosen, you can use rsa key type too.
3, on your unix,
login same name which appears in the id_dsa.pub
[allenzhang@myhost ~]#ssh -l youradmin yourFortigateIP
now you'r in the Fortigate
阅读(1376) | 评论(0) | 转发(0) |