Hi,
I managed to solve the problem with difficulty. The solution was as follows.
By default, NS8 only allows the use of ssh with a certificate. To do this, a certificate must be created on the client and it must be uploaded and configured for use on the NS8.
This is problematic if e.g. NS8 runs on Proxmox or a remote VPS, because there is no direct console availability (NS8 is not included), and the outputs displayed on the Proxmox console cannot be copied with copy-paste.
The solution is further complicated by the fact that in this case the NS8 only has one LAN interface for connecting to the Internet, there is no second LAN interface for the local network, instead there is only a dummy LAN interface. Therefore, you can proceed as follows to set up ssh.
Access via RSA keys, widely used for security, is a real alternative to password-based login, NS8 uses this solution. In this type of authentication, the client generates a private key and its corresponding public key, which is installed on the NS8 to uniquely authenticate the client.
To create a public key on the client, the key pair must first be generated with the ssh-keygen command:
$ ssh-keygen
Once done, the ssh-keygen command creates two files: the client’s private ey, which cannot be shared with anyone (id_rsa) and the sharable public key (id_rsa.pub), this will have to be uploaded to the NS8.
As a next step, according to the NS8 documentation, create a user (steve) as a member of the wheel group and give him a password (don’t want to ssh as root!). You can do this if you log in as root on the NS8 VM console on the Proxmox interface.
$ useradd -G wheel username
$ passwd username
Log out of NS8 on the Proxmox VM console and log in with the user you just created. Create a .ssh directory in the user home directory, enter the directory and create an authorized_keys file:
$ mkdir .ssh
$ cd .ssh
$ touch authorized_keys
On the NS8 server, run the following command to download the public key from the client to the server:
$ scp userofclient@client_IP_address:/home/userofclient/.ssh/id_rsa.pub
/home/userofns8/.ssh/id_rsa.pub
If necessary, set the user as owner on the uploaded id_rsa.pub file.
With the echo command, you could add the public key to the authorized_keys
file, but this will not work here, because the output of the displayed file cannot be copied on the Proxmox console.
Instead, copy the contents of the id_rsa.pub file into the authorized_keys file:
$ cp .ssh/id_rasa.pub .ssh /authorized_keys
Restart the sshd service:
$ sudo systemctl restart sshd.service
After that, you can successfully connect to NS8 with ssh.
In the case of multiple clients, additional concatenation of id_rsa.pub with the authorized_keys file with the echo command above works because the output of the ssh console can already be copied…
I hope this helps anyone with a similar problem…