To enable public-key authentication with your key pair:
(Optional) Create an identification file.
Create a file called identification, on Unix in your $HOME/.ssh2 directory, or on Windows in your "%USERPROFILE%\Application Data\SSH" directory.
Edit it with your favorite text editor to include the following line (replace id_dsa_2048_a with the filename of the private key):
IdKey id_dsa_2048_a
The keys are assumed to be in the same directory as the identification file, but an absolute or a relative path can also be given. For example, on Windows:
IdKey UserKeys\id_dsa_2048_a
For more information on the syntax of the identification file, see $HOME/.ssh2/identification.
Place your keys in a directory where the Connection Broker can locate them.
With SSH Tectia Client 5.x, using the identification file is not necessary if all your keys are stored in the default directory and you allow all of them to be used for public-key and/or certificate authentication. If the identification file does not exist, the Connection Broker attempts to use each key found in the $HOME/.ssh2 directory on Unix, or in the "%USERPROFILE%\Application Data\SSH\UserKeys" and "%USERPROFILE%\Application Data\SSH\UserCertificates" directories on Windows. If the identification file exists, the keys listed in it are attempted first.
On Windows, you can also add other directory locations for keys on the Keys and Certificates page of the SSH Tectia Configuration tool. See Managing Keys and Certificates. On Unix, you can use the key-store element in the ssh-broker-config.xml file. See the section called “Key Store Configuration Examples”.
Connect to Server using some other authentication method and upload the public key.
Depending on the server version, do the following:
With SSH Tectia Server 5.x on Unix and Windows, use SCP to upload your public key to the server, to your authorized_keys directory (by default $HOME/.ssh2/authorized_keys on Unix servers, or %USERPROFILE%\.ssh2\authorized_keys on Windows servers):
$ scpg3 id_dsa_2048_a.pub ServerUser@5xServer:.ssh2/authorized_keys/
An authorization file may be optionally used with SSH Tectia Server 5.x on Unix and Windows. See instructions for creating the file below in the SSH Tectia Server 4.x information.
SSH Tectia Server 4.x (or older) requires an authorization file stored in your .ssh2 directory. The authorization file specifies the public keys that are authorized for login.
Use SCP to upload your public key to the server (by default to the $HOME/.ssh2 directory on Unix and to the %USERPROFILE%\.ssh2 directory on Windows servers) and edit the authorization file:
$ scpg3 id_dsa_2048_a.pub ServerUser@4xServer:.ssh2/
An example authorization file is shown below (by default $HOME/.ssh2/authorization on Unix and %USERPROFILE%\.ssh2\authorization on Windows servers):
Key id_dsa_2048_a.pub
This directs SSH Tectia Server to use id_dsa_2048_a.pub as a valid public key when authorizing your login.
With SSH Tectia Server for IBM z/OS 5.x, use SCP to upload your public key to the server (by default to the $HOME/.ssh2 directory) and edit the authorization file. SSH Tectia Server for IBM z/OS 5.x requires an authorization file stored in your .ssh2 directory. The authorization file specifies the public keys that are authorized for login.
With SSH Tectia Server for IBM z/OS, the public key must be converted to the EBCDIC format. This can be done by using an advisor string in the file transfer command, for example:
$ scpg3 id_dsa_2048_a.pub ServerUser@zOSServer:/ftadv:C=ISO8859-1,D=IBM-1047,X=TEXT/.ssh2/
An example authorization file is shown below (by default $HOME/.ssh2/authorization on SSH Tectia Server for IBM z/OS servers):
Key id_dsa_2048_a.pub
With OpenSSH server, use SCP to upload your public key to the server, to your $HOME/.ssh directory:
$ scpg3 id_dsa_2048_a.pub ServerUser@OpenServer:.ssh/
The OpenSSH server requires that the public key is converted to the OpenSSH public-key file format. Convert the public key to the OpenSSH public-key file format on the server and append it to your ~/.ssh/authorized_keys file. This can be done with the following command:
$ sshg3 ServerUser@OpenServer "ssh-keygen -i -f id_dsa_2048_a.pub >> .ssh/authorized_keys"
Make sure that public-key authentication is allowed in the ssh-broker-config.xml file (it is allowed by default). The configuration file should contain an authentication-method element line like the following:
<authentication-methods>
  <authentication-method name="publickey" />
  ...
</authentication-methods>
Other authentication methods can be listed in the configuration file as well. Place the least interactive method first.
Assuming Server is configured to allow public-key authentication to your account, you should now be able to log in from Client to Server using public-key authentication.
Try to log in:
Client$ sshg3 Server
You should be prompted for the passphrase of the private key. After you have entered the passphrase, a Secure Shell connection will be established.
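The identification and authorization files described above are plain lists of keyword and key-file pairs, so an entry that points at a key which was never uploaded or has since been removed is easy to overlook. The following shell function is an added example, not part of the SSH Tectia documentation; it reports every IdKey or Key entry whose key file is missing. It assumes that lines starting with '#' are comments, that keywords are case-insensitive and that paths are Unix-style; the function names and the key name id_old_laptop.pub are made up for illustration.

```shell
#!/bin/sh
# Added example, not part of the SSH Tectia documentation.
# list_missing_keys FILE KEYWORD
#   Prints every key file named by a "KEYWORD <path>" line in FILE that does
#   not exist. Relative paths resolve against FILE's directory; absolute
#   paths are used as given. Returns 0 if all exist, 1 if any is missing,
#   2 if FILE is unreadable.
#   Assumptions: '#' starts a comment line, keywords are case-insensitive,
#   Unix-style paths only.
list_missing_keys() {
    file=$1
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    base=$(dirname "$file")
    # tr strips CRs left by Windows editors; read splits keyword from path.
    missing=$(tr -d '\r' < "$file" |
        while read -r word rest || [ -n "$word" ]; do
            case $word in ''|'#'*) continue ;; esac
            word=$(printf '%s' "$word" | tr '[:upper:]' '[:lower:]')
            [ "$word" = "$want" ] || continue
            case $rest in /*) path=$rest ;; *) path=$base/$rest ;; esac
            [ -f "$path" ] || printf '%s\n' "$path"
        done)
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample: a server-side .ssh2 directory whose authorization file
# lists one uploaded key and one key that was never uploaded.
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/.ssh2"
    : > "$d/.ssh2/id_dsa_2048_a.pub"
    printf '# constructed sample\nKey id_dsa_2048_a.pub\nKey id_old_laptop.pub\n' \
        > "$d/.ssh2/authorization"
    rc=0
    list_missing_keys "$d/.ssh2/authorization" Key || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || true
```

On a real account, call it as list_missing_keys "$HOME/.ssh2/authorization" Key on the server, or list_missing_keys "$HOME/.ssh2/identification" IdKey on the client.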