Skip to content
This repository has been archived by the owner on Oct 6, 2023. It is now read-only.

evaluate the witschel Agent #104

Open
kreinhar opened this issue May 30, 2022 · 8 comments
Open

evaluate the witschel Agent #104

kreinhar opened this issue May 30, 2022 · 8 comments
Assignees
@iviliev
Milestone
Priority 0

Comments

@kreinhar
Copy link
Collaborator

No description provided.

@kreinhar
Copy link
Collaborator Author

kreinhar commented May 30, 2022
edited
Loading

  • check the possibility to use Basic authentication and device certificates
  • check step 1
  • implement step 1
  • check if the agent and how we could switch between Basic authentication (BA) and device certificates (DC)
  • clarify who could implement the switch between BA and DC

@kreinhar kreinhar added this to the Priority 0 milestone May 30, 2022
@kreinhar
Copy link
Collaborator Author

see email of Stefan

Ah so you have a CLI/tool on the device which is called with some parameters? Sounds easy from an implementation perspective. Just add a module, defining a custom Response Template, handle the response template, call the CLI/Tool, report result back to C8Y.
Even more easier: We can use the existing command handler & adding a new supported command “generate keys” with a mapping of the shell command. So we just have to implement the handling of the command basically…
https://github.com/SoftwareAG/cumulocity-devicemanagement-agent/blob/66b74a59ad239042cc2341e7d66365ba73c04eb8/c8ydm/agentmodules/command_handler.py#L59

@iviliev
Copy link
Contributor

iviliev commented May 31, 2022

The key pair command that has to be executed should be something of the kind:
git bash: ssh-keygen -t e123456 -C "kare@softwareag.com"

@iviliev
Copy link
Contributor

iviliev commented May 31, 2022

Documentation for the ssh key generation
https://www.ssh.com/academy/ssh/keygen

@iviliev
Copy link
Contributor

iviliev commented May 31, 2022
edited
Loading

@kreinhar When the command is called, the algorithm is specified via the "-t" option. Is it known which algorithm should be used?
Answer from Kai - "ssh-keygen -t rsa -b 4096"

@iviliev
Copy link
Contributor

iviliev commented May 31, 2022
edited
Loading

Answer from Stefan Witschel regarding the switching between certificate authentication and basic authentication:
I’m pretty sure it is fixed. This came up in the Schindler project and we invested quite some time to find out this was the root cause.

Your process is working, I tested it several times. The most important thing is that the device owner matches to the agent user afterwards. If the owner is different even with the correct credentials you cannot write anything to the device because of missing permissions.

@iviliev iviliev mentioned this issue May 31, 2022
Open
@iviliev
Copy link
Contributor

iviliev commented Jun 1, 2022

@kreinhar We have to determine also where in the device to store the private key from the generated key pair. Do you have ideas?

@kreinhar
Copy link
Collaborator Author

re-implemention step 1

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@iviliev iviliev

Labels
None yet
Projects
None yet
Milestone
Priority 0
Development

No branches or pull requests
2 participants
@kreinhar @iviliev