How do I set the public keys up correctly for a migration from an HP-UNIX server to I
Post 302220044 by Smiling Dragon on Wednesday 30th of July 2008 07:28:05 PM

For some background on public/private key pairs:
Public-key cryptography - Wikipedia, the free encyclopedia

Each ssh server (i.e. sshd) should have its own unique host key pairs (i.e. nothing to do with the user or your home dir). These verify that the server you are connecting to is who it says it is (via your known_hosts file) and handle the actual data encryption.

Then, each user of ssh can generate a key pair (or many if they wish) if they want to identify themselves via these keys. Whatever you do, don't overwrite one user's generated keys with another just to get a login to work.
To enable passwordless authentication via keys, copy the public key of the source into the authorized_keys file of the destination.

Example:
USER1 on HOSTA wants to be able to log in as USER2 on HOSTB.
  1. Log into HOSTA as USER1
  2. Generate a key pair for USER1
  3. Take a copy of the _public_ key from the pair you just made
  4. Log in to HOSTB as USER2
  5. Create (or edit) the authorized_keys file (this filename is defined in the sshd configuration on HOSTB)
  6. Add your public key for USER1 from HOSTA to the authorized_keys file belonging to USER2 on HOSTB
  7. Most key generators create a short comment at the end of the public key; make sure this also gets added to your authorized_keys file (i.e. just add the whole block), as this makes it easier to manage things if you get a lot of keys. You can make something up in this field if you want, to help you track them.
  8. OPTIONAL: Prepend the key in your authorized_keys file with from="<ip address>" if you want to increase the security by also validating the user by the IP they come from (both must be correct before it will allow a login)
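
The HOSTB side of the steps above (5 to 8), as an added shell example that is not part of the original post. The helper name `install_pubkey`, the default `.ssh/authorized_keys` location and the documentation address 192.0.2.10 are assumptions, and the key in the usage comment is a constructed placeholder.

```shell
#!/bin/sh
# Added example: HOSTB side (steps 5-8), run as USER2.
# HOSTA side for reference (steps 1-3, run as USER1):
#   ssh-keygen -t ed25519 -C "user1@hosta"    # copy only the .pub line across

# install_pubkey HOME_DIR PUBKEY_LINE [FROM_PATTERN]  -- hypothetical helper.
# Assumes sshd on HOSTB uses the default .ssh/authorized_keys location.
install_pubkey() {
    home_dir=$1; pubkey=$2; from=${3:-}
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys
    nl='
'
    # Step 3: accept one line of "type base64 [comment]"; a private key
    # block or pasted multi-line text is refused.
    case $pubkey in
        *"$nl"*) echo "refusing multi-line input" >&2; return 1 ;;
        ssh-ed25519\ ?*|ssh-rsa\ ?*|ecdsa-sha2-nistp[0-9]*\ ?*) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac
    case $from in
        *\"*|*"$nl"*) echo "bad from= pattern" >&2; return 1 ;;
    esac

    # Step 5: create directory and file with owner-only modes, which also
    # satisfies sshd StrictModes.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Step 6: do nothing if this key blob (field 2) is already listed.
    blob=$(printf '%s\n' "$pubkey" | awk '{print $2}')
    if awk -v b="$blob" '{for (i = 1; i <= NF; i++) if ($i == b) f = 1}
                         END {exit !f}' "$auth"; then
        return 0
    fi
    # Keep an existing last line intact if the file lacks a final newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    # Steps 7-8: append the whole line, comment included, optionally
    # restricted to a source address with from="...".
    if [ -n "$from" ]; then
        printf 'from="%s" %s\n' "$from" "$pubkey" >> "$auth"
    else
        printf '%s\n' "$pubkey" >> "$auth"
    fi
}
# Usage with a constructed placeholder key and a documentation address:
#   install_pubkey "$HOME" 'ssh-ed25519 AAAA...placeholder user1@hosta' 192.0.2.10
```

Running it twice with the same key leaves a single entry, so it is safe to re-run during a migration.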
 

SSH-COPY-ID(1)                General Commands Manual                SSH-COPY-ID(1)

NAME
       ssh-copy-id - install your public key in a remote machine's authorized_keys

SYNOPSIS
       ssh-copy-id [-i [identity_file]] [user@]machine

DESCRIPTION
       ssh-copy-id is a script that uses ssh to log into a remote machine and append the indicated identity file to that machine's ~/.ssh/authorized_keys file.

       If the -i option is given then the identity file (defaults to ~/.ssh/id_rsa.pub) is used, regardless of whether there are any keys in your ssh-agent. Otherwise, if this:

             ssh-add -L

       provides any output, it uses that in preference to the identity file.

       If the -i option is used, or the ssh-add produced no output, then it uses the contents of the identity file. Once it has one or more fingerprints (by whatever means) it uses ssh to append them to ~/.ssh/authorized_keys on the remote machine (creating the file, and directory, if necessary.)

NOTES
       This program does not modify the permissions of any pre-existing files or directories. Therefore, if the remote sshd has StrictModes set in its configuration, then the user's home, ~/.ssh folder, and ~/.ssh/authorized_keys file may need to have group writability disabled manually, e.g. via

             chmod go-w ~ ~/.ssh ~/.ssh/authorized_keys

       on the remote machine.

SEE ALSO
       ssh(1), ssh-agent(1), sshd(8)

OpenSSH                          14 November 1999                    SSH-COPY-ID(1)