SSH

Creating and Uploading Keys with the Command Line Tools

In addition to the Tectia Connections Configuration GUI available on Linux, you can use the command line tools for creating and uploading keys.

To create a public key pair, run ssh-keygen-g3 on the command line on Tectia Client:

Client$ ssh-keygen-g3
Generating 3072-bit rsa key pair
   15 o.oOo.oOOo.o
Key generated.
3072-bit rsa, ClientUser@Client, Mon Aug 15 2022 12:08:07 +0200
Passphrase : 
Again :
Private key saved to  /home/ClientUser/.ssh2/id_rsa_3072_a
Public key saved to   /home/ClientUser/.ssh2/id_rsa_3072_a.pub

ssh-keygen-g3 asks for a passphrase for the new key. Enter a sufficiently long (20 characters or so) sequence of any characters (spaces are OK).

The new authentication key pair consists of two separate files. One of the keys is your private key, which must never be made available to anyone but yourself. The private key can only be used together with the passphrase.

The key pair is stored by default in your $HOME/.ssh2 directory (created by ssh-keygen-g3 if it does not already exist).

In the example above, the private key file is id_rsa_3072_a. The other file, id_rsa_3072_a.pub, is your public key, which can be distributed to other computers.

By default, ssh-keygen-g3 creates a 3072-bit RSA key pair. DSA, ECDSA or Ed25519 keys can be generated by specifying the -t option with ssh-keygen-g3. Key length can be specified with the -b option. For automated jobs, the key can be generated without a passphrase with the -P option:

$ ssh-keygen-g3 -t ecdsa -b 384 -P 

Uploading Public Key Manually

To enable public-key authentication with your key pair:

  1. Check that your keys are stored in the default location: the $HOME/.ssh2 directory.

  2. Connect to Server using your password.

  3. Use the Secure Shell file copy client scpg3 to upload your public key to the server, to your default authorized_keys directory, the $HOME/.ssh2/authorized_keys directory:

    $ scpg3 id_rsa_3072_a.pub ServerUser@Server:.ssh2/authorized_keys/
    

From then on, the server will use the uploaded public key to authenticate you when you log in.
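
The private key must stay readable only by you, and the key directories should not be writable by other accounts. As an added example (not part of the Tectia documentation or tools), the shell function below audits the $HOME/.ssh2 layout described on this page. The names audit_ssh2_dir and has_bits are hypothetical, and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example, not Tectia code. audit_ssh2_dir and has_bits are
# hypothetical helpers. Assumes GNU stat (Linux) and the file layout
# shown on this page: NAME and NAME.pub under $HOME/.ssh2.
# Usage: audit_ssh2_dir [DIR]     (DIR defaults to $HOME/.ssh2)

# Succeeds when any permission bit in octal mask $2 is set on path $1.
has_bits() {
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

# Prints one finding per line. Returns 0 when clean, 1 on findings,
# 2 when the directory does not exist.
audit_ssh2_dir() {
    dir=${1:-"$HOME/.ssh2"}
    rc=0
    [ -d "$dir" ] || { echo "MISSING_DIR $dir"; return 2; }

    # A group- or world-writable directory lets another account
    # replace or add key files.
    for d in "$dir" "$dir/authorized_keys"; do
        [ -d "$d" ] || continue
        if has_bits "$d" 022; then echo "WRITABLE_DIR $d"; rc=1; fi
    done

    # Each NAME.pub has its private key in NAME (e.g. id_rsa_3072_a).
    # The private key must carry no group or other permission bits.
    for pub in "$dir"/*.pub; do
        [ -e "$pub" ] || continue
        priv=${pub%.pub}
        [ -f "$priv" ] || continue
        if has_bits "$priv" 077; then
            echo "EXPOSED_PRIVATE_KEY $priv"; rc=1
        fi
    done
    return $rc
}
```

Run it on the client after generating keys and on the server after uploading; any output line names the file or directory whose permissions need tightening with chmod.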