The private keys must be made available inside agent and kibbitzer containers, so that they are accessible whenever an ssh connection is being opened to the devices.
Steps to get there:
Exposing the private key to be used:
- save the key to a secure enough directory,
- map that directory into the file system of agent and kibbitzer by adding a new volume in the
docker-compose.override.yml:
services:
agent:
volumes:
– <private-key-dir>:/agent/.ssh
…
kibbitzer:
volumes:
– <private-key-dir>:/agent/.ssh
- add a new vault via UI: e.i. “by-keys”
- run docker exec agent add-key if the file is mapped correctly, it will be added to the vault and the password will be removed as it is not needed.
- After this, the device will be accessed via the specified private key.
Example:
mkdir agent-keys
cp id_ed25519 agent-keys/
# agent and kibbitzer modification via docker-compose.override.yml
volumes:
– ./agent-keys:/agent/.ssh
# add the key to the vault `key-vault`
docker exec agent key-vault id_ed25519
You can use the CLI in Netpicker of the device using the key-vault vault from our example by issuing any command.
If you ever edit the vault via the GUI, the steps need to be repeated.