Setting up public key authentication over SSH

To set up public key authentication over SSH, you must generate the public-private key pair on the client computer, and then append the public key to the authorized keys on the SSH server.

Before you begin

  • Install an SSH client (for example, OpenSSH) on the computer where the Design Studio is installed.

About this task

In the following procedure, the client is the computer where the Design Studio is installed, and the server is the remote computer that you connect to.

Procedure

To set up public key authentication over SSH:

  1. Generate the private and public keys by using the Digital Signature Algorithm (DSA) standard. Run the following command on the client computer:
    ssh-keygen -t dsa -b 1024 
    The -b option provides 1024-bit keys. Optionally, you can type a passphrase to encrypt your private key.
    Important: Type a long strange sentence for the passphrase that others cannot easily guess. For example, 5!0 friends arrived - solved my eSQL HomeWork - GR8 work
    The ssh-keygen command generates the following two files on the client computer:
    id_dsa
    This is your private key. Keep this file in a safe place on your computer.
    id_dsa.pub
    This is your public key. Distribute this file to people that you want to communicate with.
  2. Make sure that the server that you are connecting to has a .ssh directory in your home directory.
    If the .ssh directory does not exist, run the ssh-keygen command that is shown in step 1. The .ssh directory is created with the correct permissions.
  3. Copy the public key to the remote server or run a secure FTP operation (SFTP) to transfer the public key to the remote server.
    For example, run the following commands to transfer the id_dsa.pub public key to the remote computer remote.ibm.com:
    $client> sftp userID@remote.ibm.com
    $sftp> put id_dsa.pub
  4. If the file $HOME/.ssh/authorized_keys does not exist on the remote server, create the file.
  5. Append the id_dsa.pub public key to the file by running the following command:
    cat ~/id_dsa.pub >> ~/.ssh/authorized_keys
  6. Connect to the remote server by using SSH without entering your password. Test the communication by performing these steps:
    1. On the remote computer, start the SSH server in debug mode and in non-daemon mode.
      sshd -D -d -e
    2. On the client computer, connect with the verbose option, for example to the remote computer from step 3:
      ssh -vvv -2 userID@remote.ibm.com ls
    If you see the error "Authentication refused: bad ownership or modes for directory" on the server, the file permissions for the .ssh folder and files are too loose. Fix the file permissions on the server as follows:
    server$ chmod go-w ~/
    server$ chmod 700 ~/.ssh
    server$ chmod 600 ~/.ssh/authorized_keys
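
Steps 4 and 5 and the permission fix above, written as two shell functions; this is an added example, not part of the original page. The names install_pubkey and check_modes are hypothetical, the key file is treated as an opaque line so any key type works, and check_modes looks only at write bits, not ownership.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# install_pubkey HOME_DIR PUBKEY_FILE
# Steps 4-5: create authorized_keys if missing, append the key only when that
# exact line is absent, then apply the modes from the troubleshooting step.
# The body runs in a subshell so the umask change does not leak to the caller.
install_pubkey() (
    home_dir=$1
    pubkey=$2
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys
    [ -s "$pubkey" ] || { echo "no public key at $pubkey" >&2; exit 1; }
    umask 077                      # new .ssh is 700, new authorized_keys is 600
    mkdir -p "$ssh_dir" || exit 1
    touch "$auth" || exit 1
    # -x whole line, -F fixed string: existing entries are never rewritten
    grep -qxF -- "$(cat "$pubkey")" "$auth" || cat "$pubkey" >> "$auth"
    chmod go-w "$home_dir" && chmod 700 "$ssh_dir" && chmod 600 "$auth"
)

# check_modes HOME_DIR
# Prints every path that is group- or world-writable and returns 1 if any is.
# Ownership, which sshd also verifies, is not checked here.
check_modes() {
    bad=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "too permissive: $p"
            bad=1
        fi
    done
    return "$bad"
}
```

On the server, `install_pubkey "$HOME" "$HOME/id_dsa.pub"` followed by `check_modes "$HOME"` covers the same ground as the manual commands, and running it twice leaves a single copy of the key.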