Setting up an SSH client
Secure Shell (SSH) is a client/server network application. It is used as a communication vehicle between the host system (for example, a laptop computer) and the system command-line interface (CLI).
Overview
The system acts as the SSH server in this relationship. If you require command-line access without entering a password, it uses the principles of public and private keys for authentication.
Authenticating SSH logins
Generate a Secure Shell (SSH) key pair to use the command-line interface (CLI). Additionally, when you use the SSH to log in to the system, you must use the RSA-based private key authentication.
With this scheme (as in similar OpenSSH systems on other host types), the encryption, and decryption is done by using separate keys. This scheme means that it is not possible to derive the decryption key from the encryption key.
Because physical possession of the private key allows access to the system, the private key must be kept in a protected place, such as the .ssh directory on the AIX host, with restricted access permissions.
When SSH client (A) attempts to connect to SSH server (B), the SSH password (if you require command-line access without entering a password, the key pair) authenticates the connection. The key consists of two halves: the public keys and private keys. The SSH client public key is put onto SSH Server (B) using some means outside of the SSH session. When SSH client (A) tries to connect, the private key on SSH client (A) is able to authenticate with its public half on SSH server (B).
To connect to the system, the SSH client requires a user login name and an SSH password (or if you require command-line access without entering a password, the key pair). Authenticate to the system by using a management username and password. When you use an SSH client to access a system, you must use your username and password. The system uses the password (and if not a password, the SSH key pair) to authorize the user who is accessing the system.
For multifactor authentication, IBM Security Verify communicates with the system and uses a PAM module to handle second factor authentication for SSH logins. For more information about multifactor authentication, refer to the Multifactor authentication.