-
To generate RSA key pairs, run the following
command on the client:
# ssh-keygen -t [rsa|dsa]
The following output is displayed:
Generating public/private rsa key pair.
Enter file in which to save the key (//.ssh/id_rsa): <file name>
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /tmp/hi.
Your public key has been saved in /tmp/hi.pub.
The key fingerprint is:
84:7d:f5:dd:88:f7:53:88:8a:6e:f7:85:04:28:6e:ed root@<hostname>
HP-UX Secure Shell generates the key pairs id_rsa and id_rsa.pub and
stores them in the $HOME/.ssh directory on the
client system.
-
Set the following configuration directive in the
/opt/ssh/etc/sshd_config configuration file on
the client system:
NOTE: For backward compatibility purposes,
HP-UX Secure Shell supports the RSAAuthentication configuration directive in
both the client and server configurations. This directive also
enables public-key authentication for the client, but only for the
SSH-1 protocol.
-
To ensure that the permissions of the home
directory of the client, the $HOME/.ssh
directories, and all files under the $HOME/.ssh
directory match the permissions listed in Table 4-2,
run the following commands:
# ll -d $HOME
# ll -d $HOME/.ssh
# ll $HOME/.ssh/
Table 4-2
lists the specific permissions for these files and directories.
Table 4-2 Permissions for the Client Files and Directories

File/Directory                        | Permissions
$HOME (home directory)                | drwx------ or drwxr--r--
$HOME/.ssh                            | drwx------ or drwxr--r--
$HOME/.ssh/id_rsa and id_dsa          | -rw-r--r-- or -rw-------
$HOME/.ssh/id_rsa.pub and id_dsa.pub  | -rw-r--r-- or -rw-------
$HOME/.ssh/config                     | -rwx------
-
Copy the public key in the client system to the
home directory of the server using the following command:
# cat $HOME/.ssh/id_dsa.pub | ssh remoteuser@remotehost 'cat - >> $HOME/.ssh/authorized_keys'
The following output is displayed:
The authenticity of host 'remoteuser.remotehost (15.70.189.130)' can't be established
RSA key fingerprint is 2a:c9:77:ad:d5:d3:ef:c3:1e:12:12:9e:3a:9f:c0:38.
Are you sure you want to continue connecting (yes/no)?
-
Enter yes to continue
with the connection. The following message is displayed:
Warning: Permanently added 'itanika2.india.hp.com' (RSA) to the list of known hosts.
Enter no if you do not
want to continue with the connection.
-
To enable public-key authentication, set the
following directive in the server configuration file /opt/ssh/etc/sshd_config:
-
Set the directory and file permissions on the
server as specified in Table 4-3.
Table 4-3 Permissions for the Server Files and Directories

File/Directory                                              | File Permission
$HOME (home directory)                                      | drwx------ or drwxr--r--
$HOME/.ssh                                                  | drwx------ or drwxr--r--
$HOME/.ssh/authorized_keys and $HOME/.ssh/authorized_keys2  | -rw-r--r-- or -rw-------

NOTE: The $HOME and $HOME/.ssh directories, and all files in the
$HOME/.ssh directory, must be owned by the user whose home
directory $HOME is.
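The permission and ownership checks from Tables 4-2 and 4-3 can be scripted. The following is an added example, not part of the HP-UX documentation: it compares the mode string and numeric owner of each path with the values the tables allow. The function names are assumptions made for this example, and -rw------- is used as the full 10-character form of the owner-only read/write mode.

```shell
#!/bin/sh
# Added example (not from the HP-UX documentation): compare the mode and owner
# of each path named in Tables 4-2 and 4-3 with the values the tables allow.

# Print the first 10 characters of the ls mode field (drops any ACL marker).
mode_of() { ls -ldn "$1" | awk '{ print substr($1, 1, 10) }'; }

# Print the numeric owner (uid) of a path.
uid_of() { ls -ldn "$1" | awk '{ print $3 }'; }

# check_path PATH UID MODE...
# Returns 0 if PATH is absent or compliant, 1 otherwise.
check_path() {
    path=$1; uid=$2; shift 2
    [ -e "$path" ] || return 0          # optional files may not exist
    mode=$(mode_of "$path")
    if [ "$(uid_of "$path")" != "$uid" ]; then
        echo "FAIL $path: not owned by uid $uid"; return 1
    fi
    for allowed in "$@"; do
        [ "$mode" = "$allowed" ] && return 0
    done
    echo "FAIL $path: mode $mode, expected one of: $*"; return 1
}

# audit_ssh_home HOME_DIR UID
# Exit status is the number of paths that fail the table checks (0 = clean).
audit_ssh_home() {
    h=$1; u=$2; bad=0
    check_path "$h"      "$u" drwx------ drwxr--r-- || bad=$((bad + 1))
    check_path "$h/.ssh" "$u" drwx------ drwxr--r-- || bad=$((bad + 1))
    for f in id_rsa id_dsa id_rsa.pub id_dsa.pub \
             authorized_keys authorized_keys2; do
        check_path "$h/.ssh/$f" "$u" -rw-r--r-- -rw------- || bad=$((bad + 1))
    done
    check_path "$h/.ssh/config" "$u" -rwx------ || bad=$((bad + 1))
    return "$bad"
}

# Typical use on either system: audit_ssh_home "$HOME" "$(id -u)"
```

Run it as the account being checked on the client and again on the server; a nonzero exit status gives the number of paths to correct before testing the connection.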
-
To connect to the server, run the following
command:
Where:
Clay is the name of
the server to which you want to connect.
The server does not prompt for the password. The
secure connection is established between the server and the
client.