SSH Aruba MM/MD via Public Key Auth
The support of certificate base login to the MM/MD provide a good security capability of the Aruba MM/MDs.
Aruba still don’t support importing the public key directly and thus your SSH public key can only be imported into the Aruba controller using an X509 certificate. Therefore we first need to create a certificate include you public and private key.
I would use openssl to create a public/private key pair and also to generate a final Self-Signed Cert for uploading to the Aruba Controller.
I would use a Window laptop and use putty for ssh.
Installing OpenSSL on Windows Machine:
Thanks to Shining Light Production for providing an installer version of OpenSSL for the Windows Machine:
You can download the Installer (MSI) from their site and its pretty easy to Install.
Once installed modify the environmental variables of you Windows Machine to use it directly from any location.
Using OpenSSL to Generate Private Key and Cert:
Use the following command to generate the Private Key with the specified key length.
Use the following command to generate a Self Signed Cert using private key and add the required inputs as prompted.
OpenSSL Command CheatSheet: https://www.freecodecamp.org/news/openssl-command-cheatsheet-b441be1e8c4a/
Uploading the Certificate to Aruba Controller:
We need to upload the Certificate to the Aruba Controller as a Public Certificate, browse and upload the Certificate:
Adding Mgmt Account Associated to the Cert:
Create the mgmt account with required access and associate the Certificate to the mgmt-account.
Using Putty to Login to the Controller:
We need to associate the private key on the PC to login to the Controller. However Putty requires the key to be in a specific format else it would give error as follows:
We would download Puttygen to convert the Private key in the format as suited to Putty.
Open Puttygen and use the load option to load the previously created private key. Once loaded Save the private key in the .ppk format using the Save Private Key option, also better to add the keypassphrase during saving.
Now that the Private key is converted to correct format, load the private key again to putty and ssh to the Aruba Controller. Find the following on how/where to load the Private Key in Putty:
We would be prompted to username and the Passphrase that you set during the key import. Enter the username that we created on Aruba Controller and enter the passphrase set during the private key import and you should login fine.
More details on how to setup it up on the Aruba 6.x Architecture: