Configuring SSH
NOTE: The version of ssh that comes with Solaris 9 uses the
same authentication as openssh - in other words, use ssh-keygen
then populate the $HOME/.ssh/authorized_keys file.
Generate an rsa key on the host that will be initiating the connection
$ ssh-keygen -t rsa
(just accept the defaults for the questions it asks)
You should either enter nothing as the pass-phrase or see the section
at the bottom of this document on ssh-agent.
Copy the public part of the key from the host where the keypair was generated
over to the destination host.
Create the authorized_keys file on the host we will be logging into
$ cd .ssh
$ cp id_rsa.pub authorized_keys
http://www.unixpeople.com/HOWTO/configuring.ssh.html 9/18/2010
0768330121196117806139671 bvuser@pluto
Your public key has been saved in /home/bvuser/.ssh/identity.pub
***********************************
Try it!
****************************************
bvuser@pluto$ ssh mars
Last login: Fri Jun 9 17:32:08 2000 from ushqseng99
No mail.
Sun Microsystems Inc. SunOS 5.6 Generic August 1997
Using Terminal type: xterm
bvuser@mars$
****************************************
NOTE: This only gives bvuser access from pluto to mars. In order
to have the reverse be true, you would need to generate keys on
mars and ftp the public key to pluto.
Alternatively, you could simply copy over the entire .ssh directory
from pluto to mars. That would preserve the same key.
Create the .ssh2/identification file (on the source host) with the
following contents
-----------------------------
IdKey id_dss_1024_a
-----------------------------
Copy the keys from the host where the keys were generated
over to the host we will be logging into, placing
them into the directory $HOME/.ssh2
Convert the openssh dsa PRIVATE key to commercial ssh2 public key format
$ cd .ssh
$ ssh-keygen -x -f id_dsa >commercialSSH2key.pub
Now move this file to the destination machine and put it in the
$HOME/.ssh2 directory. Then put an entry in the .ssh2/authorization file
--------------------------------------
Key commercialSSH2key.pub
--------------------------------------
NOTE: If you want scp to work from openssh to commercial ssh, then you
will need to copy the binary /usr/local/bin/scp to the commercial ssh
machine, placing it at /usr/local/bin/scp1
Copy the key pair back to the openssh host, placing the key pair in
$HOME/.ssh
On the openssh host, convert the commercial ssh keys into openssh format
$ ssh-keygen -X -f id_dss_1024_a >id_dsa
$ ssh-keygen -X -f id_dss_1024_a.pub >id_dsa.pub
=====================================================
The largest issue with this bi-directional communication is that scp version
2 is proprietary to the commercial ssh version, so in order to scp files from
the openssh box to the commercial ssh box, you must install the openssh
version of scp as /usr/local/bin/scp1 on the commercial box.
In order to scp files from the commercial ssh box to the openssh box, you
must use "scp1" rather than plain "scp" (plain scp will hang).
You should either enter nothing as the pass-phrase or see the section
at the bottom of this document on ssh-agent.
Copy the public part of the key (identity.pub) from the host where the
key was generated over to the destination host (placing it in
$HOME/.ssh/identity.pub).
What if you have assigned a pass-phrase to the private part of your key pair?
==============================================================================
Well, it's a good idea to do this because if you don't, whoever has root
or sudo access on any machine where this key exists can read the private
key and hence masquerade as you. In addition, if some hacker compromises
your machine, then you will essentially have to scrap all your keys.
Ok, but it sucks to have a pass-phrase, because then you are prompted
for it every time you ssh to another machine!
If you run ssh-agent, on the machine where you are ssh'ing FROM, you can
use ssh-add to decrypt your private key, and store it in the running
program. When you initiate an ssh transaction with another system, the
ssh-agent intercepts the request from the remote system for your private
key and provides it. You only have to start ssh-agent and call ssh-add
and provide your pass-phrase once after each system reboot.
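
The risk described above (a private key stored with no pass-phrase can be read
by anyone with root on that host) can be checked for. The following is an added
example, not part of the original HOWTO: a shell audit that reports private keys
stored without a pass-phrase, and a .ssh directory or authorized_keys file that
is writable by group or others. The function names are hypothetical, and the
check for the newer OpenSSH key format goes beyond the key types this page uses.

```sh
#!/bin/sh
# Added example (not from the original HOWTO): audit an SSH directory for
# private keys stored without a pass-phrase and for files others can write.

# blob_slice FILE OFFSET COUNT: bytes from the base64 body of a PEM-style file.
blob_slice() {
    sed '/^-----/d' "$1" | tr -d '\r\n' | base64 -d 2>/dev/null |
        dd bs=1 skip="$2" count="$3" 2>/dev/null
}

# key_protection FILE: prints encrypted, unencrypted, or unknown (not a key).
key_protection() {
    f=$1
    first=$(sed -n '1p' "$f" 2>/dev/null)
    case $first in
    "-----BEGIN OPENSSH PRIVATE KEY-----")
        # Layout: "openssh-key-v1\0" (15 bytes), uint32 length, cipher name.
        # A cipher name of "none" means the key is stored in the clear.
        [ "$(blob_slice "$f" 0 14)" = "openssh-key-v1" ] || { echo unknown; return 0; }
        if [ "$(blob_slice "$f" 19 4)" = "none" ]; then echo unencrypted
        else echo encrypted; fi ;;
    "-----BEGIN ENCRYPTED PRIVATE KEY-----")
        echo encrypted ;;
    "-----BEGIN "*"PRIVATE KEY-----")
        # Legacy PEM keys carry a Proc-Type header only when encrypted.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then echo encrypted
        else echo unencrypted; fi ;;
    *) echo unknown ;;
    esac
}

# audit_ssh_dir DIR: prints one finding per line; prints nothing if clean.
audit_ssh_dir() {
    dir=$1
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        # With StrictModes, sshd rejects keys if these are group/world-writable.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE-BY-OTHERS $p"
        fi
    done
    for k in "$dir"/*; do
        [ -f "$k" ] || continue
        if [ "$(key_protection "$k")" = unencrypted ]; then
            echo "NO-PASSPHRASE $k"
        fi
    done
}
```

Run it as audit_ssh_dir "$HOME/.ssh" on each host that holds a copy of the key
pair; any NO-PASSPHRASE line is a key that should be re-protected or loaded only
through ssh-agent.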