Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
846
Views
10
Helpful
3
Replies

Can You Enable SSHv2 via APIC-EM REST API?

dandemer
Cisco Employee
Cisco Employee

‎09-07-2016 08:37 AM - edited ‎03-01-2019 04:31 AM

Deploying/Enabling SSH during device turn up is an interactive process at the moment.

  • key generation and key length selection
  • confirming the key selection

Can APIC-EM REST API configure SSH via the API? This same use case can be applied to any configuration that is interactive in nature...the IOS asks you questions or to confirm a change/selected.

Thank You,


Dan

Labels:
3 Replies 3

Joe Clarke
Cisco Employee
Cisco Employee

‎09-07-2016 09:52 AM

Currently APIC-EM does not provide for arbitrary CLI automation.  That's where something like Prime Infrastructure fits today.  PI will allow you to create a template to perform all kinds of CLI changes (including interactive commands).  PI also offers a northbound REST API so that you can upload templates and trigger them to run.

That said, the PnP process can bootstrap a device with SSHv2, including keys so that the device goes from zero (i.e., out of the box) to fully manageable by APIC-EM and Prime Infra.

dandemer
Cisco Employee
Cisco Employee
In response to Joe Clarke

‎09-07-2016 10:24 AM

To clarify with PnP you can import the keys and commands without having to go through the interactive prompt? Would this mean using a predefined RSA key pair and not having the device generate their own? I ask the second question as importing a key may work but it would not be unique to the device it sounds.

Thank you again as your earlier reply was quite helpful!

Dan

Joe Clarke
Cisco Employee
Cisco Employee
In response to dandemer

‎09-07-2016 10:34 AM

Hmmm, maybe I was confused on what keys you're talking about.  I was referring to a private key in order to enable SSH.  That said, PnP deals with the config of the device, so if you're talking about users' SSH public keys, then, yes.  You can have a config template that has the fingerprints of public keys.  I have successfully generated those in a config template that I've pushed to APIC-EM in order to PnP-provision a device.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:


This community is intended for developer topics around Data Center technology and products. If you are looking for a non-developer topic about Data Center, you might find additional information in the Data Center and Cloud community

Customers Also Viewed These Support Documents