To set up user public-key authentication from a Unix client, do the following steps:

1. To enable public-key authentication on the client, the authentication-methods element of the ssh-broker-config.xml file must contain an authentication-method element with the name attribute value publickey:

       <authentication-methods>
         ...
         <authentication-method name="publickey" />
         ...
       </authentication-methods>

   Other authentication methods can be listed in the configuration file as well.
2. On Client, create a key pair by executing ssh-keygen-g3.

       Client> ssh-keygen-g3
       Generating 2048-bit dsa key pair
          1 oOo.oOo.o
       Key generated.
       2048-bit dsa, user@Client, Wed Mar 22 2005 00:13:43 +0200
       Passphrase :
       Again :
       Private key saved to /home/user/.ssh2/id_dsa_2048_a
       Public key saved to /home/user/.ssh2/id_dsa_2048_a.pub

   ssh-keygen-g3 will now ask for a passphrase for the new key. Enter a sufficiently long (20 characters or so) sequence of any characters (spaces are OK). ssh-keygen-g3 creates a .ssh2 directory in your home directory (if it is not already present), and stores your new authentication key pair in two separate files. One of the keys is your private key, which must never be made available to anyone but yourself. The private key can only be used together with the passphrase.

   In the example above, the private key file is id_dsa_2048_a. The other file, id_dsa_2048_a.pub, is your public key, which can be distributed to other computers.

   By default, ssh-keygen-g3 creates a DSA key pair. RSA keys can be generated by specifying the -t flag with ssh-keygen-g3:

       Client> ssh-keygen-g3 -t rsa

3. (Optional) On Client, create an identification file in your $HOME/.ssh2 directory.

       Client> cd ~/.ssh2
       Client> echo "IdKey id_dsa_2048_a" > identification

   You now have an identification file which consists of one line that denotes the file containing your identification (your private key). For special applications, you can create multiple identifications by executing ssh-keygen-g3 again.

   With SSH Tectia Client 5.x, using the identification file is not necessary if all your keys are stored in the default directory and you allow all of them to be used for public-key and/or certificate authentication. If the identification file does not exist, the Connection Broker attempts to use each key found in the $HOME/.ssh2 directory. You can also add other directory locations using the key-store element in the ssh-broker-config.xml file.
4. Connect to Server using some other authentication method and copy your public key (for example, id_dsa_2048_a.pub) to your authorized_keys directory ($HOME/.ssh2/authorized_keys on Unix servers, %USERPROFILE%\.ssh2\authorized_keys on Windows servers).

5. If you want to log in to Server from other hosts, create a key pair on the hosts (steps 2 and 3) and repeat step 4 on Server. (Remember to specify a different file name for each key pair.)

   Note: SSH Tectia Server 4.x (or older) requires an
       Key authorized_keys/id_dsa_2048_a.pub
   This directs SSH Tectia Server to use

6. Now you should be able to log in from Client to Server using public-key authentication. Try to log in:

       Client> sshg3 Server
       Passphrase for key "/home/user/.ssh2/id_dsa_2048_a with comment "2048-bit dsa, created by user@Client Wed Mar 22 2005 00:13:43 +0200":

   After you have entered the passphrase of your private key, a Secure Shell connection will be established.
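The following is an added example and is not part of the SSH Tectia documentation or the product. It is a POSIX shell script that checks the client-side state produced by steps 1 to 3 before you attempt the login in step 6: that ssh-broker-config.xml lists the publickey authentication method, that the private key file is readable only by its owner, and that every IdKey line in the identification file names a key that actually exists. The function names, the temporary sample layout, the placeholder key file contents and the <secsh-broker> root element of the sample configuration are all assumptions made for this example; only the authentication-methods fragment and the file names come from the steps above.

```shell
#!/bin/sh
# Added example, not part of the SSH Tectia documentation. Checks the
# client-side state produced by the steps above. All function names and the
# sample files are constructed for this example.

# Return 0 if ssh-broker-config.xml (path in $1) enables the publickey method.
broker_enables_publickey() {
    grep -q '<authentication-method name="publickey"' "$1"
}

# Return 0 if the private key (path in $1) has mode 0600 or 0400, i.e. is not
# readable by anyone but its owner. GNU stat is tried first, BSD stat second.
private_key_mode_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    case "$mode" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Return 0 if every "IdKey <name>" line in $1/identification refers to a file
# in $1. A missing identification file is accepted: with Client 5.x the
# Connection Broker then tries every key in the directory.
identification_keys_exist() {
    dir=$1
    [ -f "$dir/identification" ] || return 0
    while read -r keyword name; do
        [ "$keyword" = "IdKey" ] || continue
        [ -f "$dir/$name" ] || return 1
    done < "$dir/identification"
    return 0
}

# Create a constructed sample layout in a temporary directory and print its
# path. The key files hold placeholder text, not real key material, and the
# <secsh-broker> root element is an assumption; only the
# authentication-methods fragment is taken from the documentation.
setup_sample_dir() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/.ssh2"
    cat > "$tmp/ssh-broker-config.xml" <<'EOF'
<secsh-broker>
  <authentication-methods>
    <authentication-method name="publickey" />
    <authentication-method name="password" />
  </authentication-methods>
</secsh-broker>
EOF
    printf 'PLACEHOLDER PRIVATE KEY (constructed)\n' > "$tmp/.ssh2/id_dsa_2048_a"
    chmod 600 "$tmp/.ssh2/id_dsa_2048_a"
    printf 'PLACEHOLDER PUBLIC KEY (constructed)\n' > "$tmp/.ssh2/id_dsa_2048_a.pub"
    echo "IdKey id_dsa_2048_a" > "$tmp/.ssh2/identification"
    printf '%s\n' "$tmp"
}

# Run the three checks against a layout rooted at $1 and print one line each.
report() {
    root=$1
    if broker_enables_publickey "$root/ssh-broker-config.xml"; then
        echo "OK   publickey is enabled in ssh-broker-config.xml"
    else
        echo "FAIL publickey is not enabled in ssh-broker-config.xml"
    fi
    if private_key_mode_ok "$root/.ssh2/id_dsa_2048_a"; then
        echo "OK   private key id_dsa_2048_a is readable only by its owner"
    else
        echo "FAIL private key id_dsa_2048_a is readable by others"
    fi
    if identification_keys_exist "$root/.ssh2"; then
        echo "OK   every IdKey line in identification names an existing key"
    else
        echo "FAIL an IdKey line in identification names a missing key"
    fi
}

# Stand-alone run against the constructed sample layout.
sample=$(setup_sample_dir)
report "$sample"
```

To check a real client instead of the sample, call report with the home directory that holds .ssh2 and place the broker configuration (or a copy of it) at ssh-broker-config.xml under that directory; the three checks are independent, so a FAIL on one does not hide the others.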