UnixPedia : HPUX / LINUX / SOLARIS: HPUX : Generation and Distribution of SSH KEY

Sunday, January 20, 2013

HPUX : Generation and Distribution of SSH KEY


Machine1 (user1) wants to log in to Machine2 (user2) without a password.
To configure public-key authentication, follow these steps:
1. To generate an RSA key pair, run the following commands on Machine1 as user1:
# mkdir ~/.ssh
# ssh-keygen -t rsa
2. The following output is displayed:
Generating public/private rsa key pair.
Enter file in which to save the key (//.ssh/id_rsa):<Press Enter>
Enter passphrase (empty for no passphrase): <Press Enter>
Enter same passphrase again: <Press Enter>
Your identification has been saved in /tmp/hi.
Your public key has been saved in /tmp/hi.pub.
The key fingerprint is:
84:7d:f5:dd:88:f7:53:88:8a:6e:f7:85:04:28:6e:ed root@<hostname>
3. HP-UX Secure Shell generates the key pair id_rsa and id_rsa.pub and stores it in the $HOME/.ssh directory on the Machine1 system.
4. Set the following configuration directive in the /opt/ssh/etc/sshd_config configuration file on the Machine1 system:

PubkeyAuthentication yes

5. To check that the permissions of the home directory on Machine1, the $HOME/.ssh directory, and all files under the $HOME/.ssh directory match the permissions listed in Table 4-2, run the following commands:
# ll -d $HOME
# ll -d $HOME/.ssh
# ll $HOME/.ssh/


Table 4-2 lists the specific permissions for these files and directories.

Table 4-2 Permissions for the Machine1 Files and Directories

File/Directory                          Permissions
$HOME (home directory)                  drwx------ or drwxr-xr-x
$HOME/.ssh                              drwx------ or drwxr--r--
$HOME/.ssh/id_rsa and id_dsa            -rw-r--r-- or -rw-------
$HOME/.ssh/id_rsa.pub and id_dsa.pub    -rw-r--r-- or -rw-------
$HOME/.ssh/config                       -rwx------
· Create the .ssh directory on Machine2 as user2:
# mkdir ~/.ssh
Now run the command below on Machine1 as user1 to append the public key generated above to user2's authorized_keys file:
# cat $HOME/.ssh/id_rsa.pub | ssh user2@Machine2 'cat - >> $HOME/.ssh/authorized_keys'



The following output is displayed:

The authenticity of host 'remoteuser.remotehost (15.70.189.130)' can't be established
RSA key fingerprint is 2a:c9:77:ad:d5:d3:ef:c3:1e:12:12:9e:3a:9f:c0:38.
Are you sure you want to continue connecting (yes/no)?

· Enter yes to continue with the connection. The following message is displayed:


Enter no if you do not want to continue with the connection.
·  To enable public-key authentication, set the following directive in the Machine2 configuration file /opt/ssh/etc/sshd_config:

PubkeyAuthentication yes

·  Set the directory and file permissions on Machine2 as specified in Table 4-3.

Table 4-3 Permissions for the Machine2 Files and Directories

File/Directory                                              File Permission
$HOME (home directory)                                      drwx------ or drwxr-xr-x
$HOME/.ssh                                                  drwx------ or drwxr--r--
$HOME/.ssh/authorized_keys and $HOME/.ssh/authorized_keys2  -rw-r--r-- or -rw-------


NOTE: The $HOME and $HOME/.ssh directories, and all the files in the $HOME/.ssh directory, must be owned by the user whose home directory it is.

· To connect to Machine2 as user2, run the following command on Machine1 as user1:

$ ssh user2@Machine2

Machine2 does not prompt for a password. A secure connection is established between Machine1 and Machine2.
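
A permission audit for the paths in Tables 4-2 and 4-3, as an added example that is not part of the original post. It parses ls -ld output so it needs no stat(1), flags wrong owners and group- or world-writable paths, and, as an assumption stricter than Table 4-2, requires private keys to have no group or other access, because the OpenSSH client ignores a private key that others can read. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the paths from Tables 4-2 and 4-3 using only ls and awk.
# All function names are hypothetical.

# Print the 10-character mode string of PATH, e.g. drwx------
perm_string() { ls -ld "$1" 2>/dev/null | awk '{ print substr($1, 1, 10) }'; }

# Print the owner of PATH as shown by ls
owner_of() { ls -ld "$1" 2>/dev/null | awk '{ print $3 }'; }

# check_path PATH KIND OWNER
#   KIND=private: no group/other access at all (private keys, an assumption
#                 stricter than Table 4-2)
#   KIND=shared : group/other may read but must not be able to write
# Returns 0 if acceptable, 1 if not, 2 if PATH does not exist.
check_path() {
    path=$1; kind=$2; want_owner=$3
    perms=$(perm_string "$path")
    [ -n "$perms" ] || { echo "MISSING $path"; return 2; }
    owner=$(owner_of "$path")
    go=$(echo "$perms" | cut -c5-10)   # group and other bits
    status=OK
    [ "$owner" = "$want_owner" ] || status=BAD
    case $kind in
        private) [ "$go" = "------" ] || status=BAD ;;
        shared)  case $go in ?w????|????w?) status=BAD ;; esac ;;
    esac
    echo "$status $perms $owner $path"
    [ "$status" = OK ]
}

# audit_ssh_dir HOME_DIR [OWNER]: exit status is the number of failing paths
audit_ssh_dir() {
    home=$1; who=${2:-$(id -un)}; bad=0
    check_path "$home" shared "$who" || bad=$((bad + 1))
    check_path "$home/.ssh" shared "$who" || bad=$((bad + 1))
    for f in authorized_keys authorized_keys2 id_rsa.pub id_dsa.pub config; do
        [ -e "$home/.ssh/$f" ] || continue
        check_path "$home/.ssh/$f" shared "$who" || bad=$((bad + 1))
    done
    for f in id_rsa id_dsa; do
        [ -e "$home/.ssh/$f" ] || continue
        check_path "$home/.ssh/$f" private "$who" || bad=$((bad + 1))
    done
    return $bad
}

# Run against a home directory when one is given: sh audit.sh /home/user2 user2
if [ $# -gt 0 ]; then audit_ssh_dir "$@"; fi
```

Run it on both machines before testing the login; each line of output shows the status, mode string, owner and path that was checked.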

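To set up ssh to accept only public-key login and not interactive login, the following changes are needed in sshd_config. The PermitRootLogin setting below covers the root account only: it lets root log in with a key but not with a password.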

PermitRootLogin without-password

Change: (remove the # and save the file)
#PubkeyAuthentication yes
to
PubkeyAuthentication yes

Next, restart the sshd daemon for the change to take effect:

/sbin/init.d/secsh stop
/sbin/init.d/secsh start

Before you do this, make sure you have installed a public key from a system you want to log in from and tested it; otherwise your only access will be at the console, hands on the keyboard. That can be a big problem on remote systems.
