Lastline SSH Key-Based Authentication for “monitoring” User

If you are using a Lastline device (Manager, Engine, Sensor or Pinbox), you can reach the machine via SSH after you have activated it via monitoring_user_password. By default, however, this uses only a password for authentication. If you want to use key-based authentication for this “monitoring” user account, you can add the public key to the authorized_keys file for that user.

This is a short note on how to add a public key to the Lastline device. It is quite general, though, since the Lastline appliance is built upon a standard Ubuntu server.

Just as a quick reminder, this is how you enable the SSH login on a Lastline box in general. Note that this requires console access:

(The following guide is not an official guide from Lastline! Talk to the Lastline support or to your SE in order to confirm this for your installation.)

Adding Public Keys

The main goal is to copy the public SSH key into the ~/.ssh/authorized_keys file for the user called “monitoring”. If you are not familiar with public/private SSH keys at all, refer to this or that.

There are many ways to copy the public key into the authorized_keys file. If you are on the local machine you can concatenate it with “>>” such as:

Another way is to use ssh-copy-id when you are logged into the jump host which has the public key. This way, the authorized_keys file is created with the correct file permissions. This is my preferred way. Here is an example:

In any case, you should check that the file permissions are rw for the user only! If not, change them with: sudo chmod 0600 ~/.ssh/*
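The append-and-check steps above as shell functions (an added example, not part of the original post and not Lastline tooling): the key is appended only once, a file that is not a public key (for instance the private key picked by mistake) is refused, and both ~/.ssh and authorized_keys are verified to be inaccessible to group and others. The function names and the optional home-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: install a public key into authorized_keys and verify permissions.
# Function names and the home_dir argument are illustrative assumptions.

# Return 0 if the line looks like an OpenSSH public key (key type + base64 blob).
is_pubkey_line() {
    printf '%s\n' "$1" | grep -Eq \
        '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
}

# Return 0 if the path grants no permissions at all to group or others.
# Characters 5-10 of the "ls -l" mode string are the group and other bits.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# add_authorized_key <pubkey_file> [home_dir]
# Returns 0 on success, 2 if the file is not a public key, 1 on other errors.
add_authorized_key() {
    pub_file=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    key=$(head -n 1 "$pub_file") || return 1
    is_pubkey_line "$key" || { echo "not a public key: $pub_file" >&2; return 2; }

    # Create directory and file with tight permissions from the start,
    # then enforce them in case they already existed with looser modes.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present (idempotent).
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"

    # Final check: fail if either path is still open to group or others.
    is_private "$ssh_dir" && is_private "$auth"
}
```

Run as the “monitoring” user, `add_authorized_key /path/to/key.pub` targets that user's own home directory.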

The following listing shows the ~/.ssh/ folder on my Lastline Pinbox. Note the authorized_keys file with the correct permissions and its content:

That’s it! You are now able to log in with SSH key-based authentication. With PuTTY, for example, it looks like this. Note the third line, which asks you to type in the passphrase for the private key. Also note that there was no challenge for the password itself:

[Disabling Password Authentication]

Although it is possible to disable password authentication altogether, this is not officially acknowledged by Lastline. However, if you are willing to test it, configure the following in the sshd_config file. (Note: NOT the ssh_config but the sshd_config. Note the “d” for the daemon that listens for incoming SSH connections.):

Ciao.

Featured image: “Data Center” by Bob Mical is licensed under CC BY-NC 2.0.
