To set up public key authentication over SSH, you must
generate the public-private key pair on the client computer, and then
append the public key to the authorized keys on the SSH server.
Before you begin
- Install an SSH client (for example, OpenSSH) on the computer where the Design Studio is installed.
About this task
In the following procedure, the client is the computer where the Design Studio is installed, and the server is the remote computer that you connect to.
Procedure
To set up public key authentication over SSH:
- Generate the private and public keys by using the Digital Signature Algorithm (DSA) standard. Run the following command on the client computer:
ssh-keygen -t dsa -b 1024
The -b option provides 1024-bit keys. Optionally, you can type a passphrase to encrypt your private key.
Important: Type a long strange sentence for the passphrase that others cannot easily guess. For example, 5!0 friends arrived - solved my eSQL HomeWork - GR8 work
The ssh-keygen command generates the following two files on the client computer:
  - id_dsa: This is your private key. Keep this file in a safe place on your computer.
  - id_dsa.pub: This is your public key. Distribute this file to people that you want to communicate with.
- Make sure that the server that you are connecting to has a .ssh directory in your home directory. If the .ssh directory does not exist, run the ssh-keygen command that is shown in step 1. The .ssh directory is created with the correct permissions.
- Copy the public key to the remote server or run a secure FTP operation (SFTP) to transfer the public key to the remote server. For example, run the following commands to transfer the id_dsa.pub public key to the remote computer remote.ibm.com:
$client> sftp userID@remote.ibm.com
$sftp> put id_dsa.pub
- If the file $HOME/.ssh/authorized_keys does not exist on the remote server, create the file. Then append the id_dsa.pub public key to the file by running the following command:
cat ~/id_dsa.pub >> ~/.ssh/authorized_keys
- Connect to the remote server by using SSH without entering your password. Test the communication by performing these steps:
  - On the remote computer, start the SSH server in debug mode and in non-daemon mode.
  - On the client computer, use the verbose option.
If you see the following error on the server: "Authentication refused: bad ownership or modes for directory", it means that the file permissions for the .ssh folder and files are too loose. Fix the file permissions on the server as follows:
server$ chmod go-w ~/
server$ chmod 700 ~/.ssh
server$ chmod 600 ~/.ssh/authorized_keys
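The append step and the permission fix above, combined into one server-side script. This is an added example and not part of the original procedure: install_pubkey and check_modes are hypothetical helper names. The script appends the key only when it is absent, and it checks the three paths for group or other write permission, not for ownership.

```shell
#!/bin/sh
# Added example, not IBM's code. install_pubkey and check_modes are hypothetical names.

# Report paths under home directory $1 that are group- or world-writable.
# Returns 0 when none of the three paths is too loose, 1 otherwise.
check_modes() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        # Characters 6 and 9 of the ls mode string are the group and other write bits.
        case $(ls -ld "$p" | cut -c6,9) in
            *w*) echo "too loose: $p"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Append public key file $1 to authorized_keys under home directory $2.
# The body runs in a subshell so the umask change does not leak to the caller.
install_pubkey() (
    pub=$1
    auth=$2/.ssh/authorized_keys
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; exit 1; }
    umask 077                       # anything created below starts private
    mkdir -p "$2/.ssh"
    touch "$auth"
    # If the last existing entry lacks a newline, add one so keys do not merge.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    # Append (>>, never >) and only when the key line is not already present.
    grep -qxF -f "$pub" "$auth" || cat "$pub" >> "$auth"
    chmod go-w "$2"
    chmod 700 "$2/.ssh"
    chmod 600 "$auth"
)

# Usage on the server, after the SFTP transfer in step 3:
#   install_pubkey ~/id_dsa.pub "$HOME" && check_modes "$HOME"
```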