To generate RSA key pairs, run the following command on the client:
# ssh-keygen -t [rsa|dsa]
The following output is displayed:
Generating public/private rsa key pair.
Enter file in which to save the key (//.ssh/id_rsa): <file name>
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /tmp/hi.
Your public key has been saved in /tmp/hi.pub.
The key fingerprint is:
84:7d:f5:dd:88:f7:53:88:8a:6e:f7:85:04:28:6e:ed root@<hostname>
HP-UX Secure Shell generates the key pairs id_rsa and id_rsa.pub and stores them in the $HOME/.ssh directory on the client system.
Set the following configuration directive in the /opt/ssh/etc/sshd_config configuration file on the client system:
NOTE: For backward compatibility purposes, HP-UX Secure Shell supports the RSAAuthentication configuration directive in both the client and server configurations. This directive also enables public-key authentication for the client, but only for the SSH-1 protocol.
To ensure that the permissions of the home directory of the client, the $HOME/.ssh directories, and all files under the $HOME/.ssh directory match the permissions listed in Table 4-2, run the following commands:
# ll -d $HOME
# ll -d $HOME/.ssh
# ll $HOME/.ssh/
Table 4-2 lists the specific permissions for these files and directories.
Table 4-2 Permissions for the Client Files and Directories
| File/Directory | Permissions |
|---|---|
| $HOME (home directory) | drwx------ or drwxr--r-- |
| $HOME/.ssh | drwx------ or drwxr--r-- |
| $HOME/.ssh/id_rsa and id_dsa | -rw-r--r-- or -rw------- |
| $HOME/.ssh/id_rsa.pub and id_dsa.pub | -rw-r--r-- or -rw------- |
| $HOME/.ssh/config | -rwx------ |
Copy the public key in the client system to the home directory of the server using the following command:
# cat $HOME/.ssh/id_dsa.pub | ssh remoteuser@remotehost 'cat - >> $HOME/.ssh/authorized_keys'
The following output is displayed:
The authenticity of host 'remoteuser.remotehost (15.70.189.130)' can't be established
RSA key fingerprint is 2a:c9:77:ad:d5:d3:ef:c3:1e:12:12:9e:3a:9f:c0:38.
Are you sure you want to continue connecting (yes/no)?
Enter yes to continue with the connection. The following message is displayed:
Warning: Permanently added 'itanika2.india.hp.com' (RSA) to the list of known hosts.
Enter no if you do not want to continue with the connection.
To enable public-key authentication, set the following directive in the server configuration file /opt/ssh/etc/sshd_config:
Set the directory and file permissions on the server as specified in Table 4-3.
Table 4-3 Permissions for the Server Files and Directories
| File/Directory | File Permission |
|---|---|
| $HOME (home directory) | drwx------ or drwxr--r-- |
| $HOME/.ssh | drwx------ or drwxr--r-- |
| $HOME/.ssh/authorized_keys and $HOME/.ssh/authorized_keys2 | -rw-r--r-- or -rw------- |
NOTE: The $HOME and $HOME/.ssh directories, and all the files in the $HOME/.ssh directories, must be owned by the user whose home directory they belong to.
To connect to the server, run the following command:
Where:
Clay is the name of the server to which you want to connect.
The server does not prompt for the password. The secure connection is established between the server and the client.
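The permissions in Table 4-3 and the ownership requirement in the NOTE that follows it can be checked on the server with a script such as the one below. This is an added example, not part of the HP-UX Secure Shell documentation; the function names `check_entry` and `audit_ssh_server_perms` are hypothetical, and modes are compared as the 10-character strings that `ls -l` prints.

```shell
#!/bin/sh
# Added example: audit the server-side entries of Table 4-3 and the ownership NOTE.
# check_entry and audit_ssh_server_perms are hypothetical helper names.
# Usage: audit_ssh_server_perms "$HOME" "$(id -u)"

# check_entry PATH UID MODE1 MODE2
# Succeeds when PATH is owned by UID and its mode string is MODE1 or MODE2.
check_entry() {
    path=$1; want_uid=$2; ok1=$3; ok2=$4
    # ls -n prints the numeric owner. Keep only the first 10 characters of the
    # mode so a trailing ACL marker such as "+" does not affect the comparison.
    info=$(ls -ldn "$path" 2>/dev/null | awk '{print substr($1,1,10) ":" $3}')
    if [ -z "$info" ]; then
        echo "MISSING $path"
        return 1
    fi
    mode=${info%%:*}; uid=${info##*:}; rc=0
    if [ "$uid" != "$want_uid" ]; then
        echo "OWNER   $path is owned by uid $uid, expected $want_uid"
        rc=1
    fi
    if [ "$mode" != "$ok1" ] && [ "$mode" != "$ok2" ]; then
        echo "MODE    $path is $mode, expected $ok1 or $ok2"
        rc=1
    fi
    return $rc
}

# audit_ssh_server_perms HOME_DIR UID
# Returns 0 only when every entry matches Table 4-3 and is owned by UID.
audit_ssh_server_perms() {
    home=$1; owner=$2; fails=0
    dirs="drwx------ drwxr--r--"; files="-rw-r--r-- -rw-------"
    check_entry "$home" "$owner" $dirs || fails=$((fails + 1))
    check_entry "$home/.ssh" "$owner" $dirs || fails=$((fails + 1))
    check_entry "$home/.ssh/authorized_keys" "$owner" $files || fails=$((fails + 1))
    # authorized_keys2 is optional, so check it only when it exists.
    if [ -e "$home/.ssh/authorized_keys2" ]; then
        check_entry "$home/.ssh/authorized_keys2" "$owner" $files || fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ]
}
```

Each finding is printed as a `MISSING`, `OWNER` or `MODE` line, and the function's exit status is non-zero when any entry deviates from the table.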