Hi, You have to generate the publickey following way: User Public Key Authentication Per-user configuration information and encryption keys are stored in the .ssh2 subdirectory of each user's home directory. In the following instructions, Remote is the SSH Secure Shell server machine into which you are trying to connect, and Local is the machine running an SSH Secure Shell client. Keys generated with ssh-keygen In order to set up user public key authentication, either use the Public Key Manager, ssh-pubkeymgr, or do a manual setup according to the following instructions. To make sure that public key authentication is enabled, the AllowedAuthentications field both in /etc/ssh2/sshd2_config file on Remote and in /etc/ssh2/ssh2_config file on Local should contain the word publickey: AllowedAuthentications publickey Other authentication methods can be listed in the configuration file as well. 1. Create a keypair by executing ssh-keygen (ssh-keygen2) on Local. Local> ssh-keygen Generating 1024-bit dsa key pair 1 oOo.oOo.o Key generated. 1024-bit dsa, user@Local, Wed Mar 22 2000 00:13:43 +0200 Passphrase : Again : Private key saved to /home/user/.ssh2/id_dsa_1024_a Public key saved to /home/user/.ssh2/id_dsa_1024_a.pub Ssh-keygen will ask you for a passphrase for the new key. Enter a sufficiently long (20 characters or so) sequence of any characters (white spaces are OK). Ssh-keygen creates a .ssh2 directory in your home directory, and stores your new authentication key pair in two separate files. One is your private key which must NEVER be made available to anyone but yourself. The private key can only be used together with the passphrase. In the above example, the private key file is id_dsa_1024_a. The other file id_dsa_1024_a.pub is your public key, which can be distributed to other computers. 2. Create an identification file in your ~/.ssh2 directory on Local. Local> cd ~/.ssh2 Local> echo "IdKey id_dsa_1024_a" > identification You now have an identification file which consists of one line that denotes the file containing your identification (your private key). For special applications, you can create multiple identifications by executing ssh-keygen again. This is, however, not needed in the most common cases. 3. Copy your public key (id_dsa_1024_a.pub) to the ~/.ssh2 directory on Remote. 4. Create an authorization file in your ~/.ssh2 directory on Remote. Add the following line to authorization: Key id_dsa_1024_a.pub This directs the SSH server to use id_dsa_1024_a.pub as a valid public key when authorizing your login. If you want to login to Remote from other hosts, create authorization keys on the hosts (steps 1 and 2) and repeat steps 3 and 4 on Remote. 5. Now you should be able to login to Remote from Local using Secure Shell. Try to login: Local>ssh Remote Passphrase for key "/home/user/.ssh2/id_dsa_1024_a with comment "1024-bit dsa, created by user@Local Wed Mar 22 2000 00:13:43 +0200": After you have entered the passphrase of your private key, a Secure Shell connection will be established. Example : ny-fme-01:more /etc/ssh2/ssh2_config # ssh2_config # SSH 2.0 Client Configuration File *: Port 22 # Ciphers AnyStdCipher Ciphers 3des ny-cnc-01:more /etc/ssh2/sshd2_config # Ciphers AnyStd # Ciphers AnyCipher # Ciphers AnyStdCipher Ciphers 3des AllowedAuthentications publickey,password,hostbased # RequiredAuthentications publickey,password RequireReverseMapping yes UserKnownHosts yes # subsystem definitions subsystem-sftp sftp-server ny-fme-01:more authorization key foo.pub ny-cnc-01:more identification IdKey id_dsa_1024_a Server #cp -r id_dsa_1024_a.pub ~/.ssh2/foo.pub Regards, Mukesh Patel GoamericaReceived on Wed Jul 11 20:38:20 2001
This archive was generated by hypermail 2.1.8 : Wed Mar 23 2016 - 16:24:59 EDT