The ssh program enables you to log into and execute commands on a remote system. ssh enables encrypted communications and an authentication process between two untrusted hosts over an insecure network.
In this procedure, you first create a DSA key pair. From the key pair, you append the public key from the source system to the authorized_keys file on the target systems.
Read the ssh documentation and online manual pages before enabling ssh. Contact your operating system support provider for issues regarding ssh configuration.
Visit the Openssh website that is located at: http://www.openssh.com/ to access online manuals and other resources.
To create the DSA key pair
sys1 # cd /root
sys1 # ssh-keygen -t dsa
System output similar to the following is displayed:
Generating public/private dsa key pair. Enter file in which to save the key (/root/.ssh/id_dsa):
/root/.ssh/id_dsa
. Enter passphrase (empty for no passphrase):
Do not enter a passphrase. Press Enter.
Enter same passphrase again:
Press Enter again.
Your identification has been saved in /root/.ssh/id_dsa. Your public key has been saved in /root/.ssh/id_dsa.pub. The key fingerprint is: 1f:00:e0:c2:9b:4e:29:b4:0b:6e:08:f8:50:de:48:d2 root@sys1
To append the public key from the source system to the authorized_keys file on the target system, using secure file transfer
Use the secure file transfer program.
In this example, the file name id_dsa.pub
in the root directory is the name for the temporary file for the public key.
Use the following command for secure file transfer:
sys1 # sftp sys2
If the secure file transfer is set up for the first time on this system, output similar to the following lines is displayed:
Connecting to sys2 ... The authenticity of host 'sys2 (10.182.00.00)' can't be established. DSA key fingerprint is fb:6f:9f:61:91:9d:44:6b:87:86:ef:68:a6:fd:88:7d. Are you sure you want to continue connecting (yes/no)?
Output similar to the following is displayed:
Warning: Permanently added 'sys2,10.182.00.00' (DSA) to the list of known hosts. root@sys2 password:
sftp> put /root/.ssh/id_dsa.pub
The following output is displayed:
Uploading /root/.ssh/id_dsa.pub to /root/id_dsa.pub
sftp> quit
id_dsa.pub
keys to the authorized_keys
file on the target system. To begin the ssh session on the target system (sys2 in this example), type the following command on sys1:sys1 # ssh sys2
Enter the root password of sys2 at the prompt:
password:
Type the following commands on sys2:
sys2 # cat /root/id_dsa.pub >> /root/.ssh/authorized_keys sys2 # rm /root/id_dsa.pub
sys1 # exec /usr/bin/ssh-agent $SHELL sys1 # ssh-add
Identity added: /root/.ssh/id_dsa
This shell-specific step is valid only while the shell is active. You must execute the procedure again if you close the shell during the session.
To verify that you can connect to a target system
sys1 # ssh -l root sys2 uname -a
where sys2 is the name of the target system.