The example shown in step 1 (see Listing 1) uses the ssh-keygen utility for user fsmythe to create the SSH private-public key pair with the type of dsa.
Listing 1. Generate the SSH key pair
[fsmythe@example.com ~]$ /usr/bin/ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/fsmythe/.ssh/id_dsa):
Enter passphrase (empty for no passphrase): ****** (Enter 'mypassword')
Enter same passphrase again: ****** (Enter 'mypassword')
Your identification has been saved in /home/fsmythe/.ssh/id_dsa.
Your public key has been saved in /home/fsmythe/.ssh/id_dsa.pub.
The key fingerprint is:
33:af:35:cd:58:9c:11:91:0f:4a:0c:3a:d8:1f:0e:e6 fsmythe@example.com
[fsmythe@example.com ~]$
The example shown in step 2 (Listing 2) illustrates copying the public key of the key pair (id_dsa.pub) from the source host to the destination host's authorized_keys file within the .ssh subdirectory under the home directory of the desired user account on the destination host.
Listing 2. Copy the public key from the source host to the authorized_keys file on the destination host
[fsmythe@example.com ~]$ scp -p /home/fsmythe/.ssh/id_dsa.pub fsmythe@thor01.com:/home/fsmythe/.ssh/authorized_keys
fsmythe@thor01.com's password:
id_dsa.pub 100% 624 0.6KB/s 00:00
The example shown for step 3 (see Listing 3) makes the first-time remote SSH call (ls -d /tmp) to the destination server, thereby caching the destination host's key in the .ssh/known_hosts file on your source server. You enter the same passphrase with which you created the SSH private-public key pair, and the output of the command run on the remote destination server is displayed locally on your source server.
Listing 3. Verify the SSH access by running a remote command on the target remote host
[fsmythe@example.com ~]$ ssh root@thor01.com ls -d /tmp
The authenticity of host 'thor01.com (10.12.53.118)' can't be established.
RSA key fingerprint is 84:4f:e5:99:0b:7d:54:d0:1b:3e:2b:96:02:34:41:25.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'thor01.com,10.12.53.118' (RSA) to the list of known hosts.
Enter passphrase for key '/root/.ssh/id_dsa': ****** (Enter 'mypassword')
/tmp
file1.txt
file2.txt
dir3_5432
Note: For the examples above, you did not have to enter the user fsmythe's password. Instead, you entered the passphrase that you set in the first step. If you would rather not have to enter a passphrase when accessing the remote destination, create an empty passphrase by pressing Enter in step 1 when prompted for the passphrase. You then won't have to type anything to access the thor01.com remote target machine as the user fsmythe. An empty passphrase leaves the private key unencrypted on disk, so anyone who can read /home/fsmythe/.ssh/id_dsa can use it to log in.
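The scp command in Listing 2 replaces the destination's authorized_keys file, so any keys already authorized there are lost. The shell function below is an added example, not part of the original article: run on the destination host, it appends the transferred public key only if it is absent, and tightens .ssh and authorized_keys to owner-only permissions, which satisfies sshd's StrictModes check. The function name install_pubkey and its two arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# install_pubkey PUBKEY_FILE SSH_DIR   (hypothetical helper name)
#   PUBKEY_FILE  copy of the source host's id_dsa.pub
#   SSH_DIR      e.g. /home/fsmythe/.ssh on the destination host
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    auth_file="$ssh_dir/authorized_keys"

    # Guard against the common mistake of shipping the private key.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 1
    fi

    # A .pub file holds one key on one line; take the first non-blank line.
    key_line=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)
    if [ -z "$key_line" ]; then
        echo "no key found in $pubkey_file" >&2
        return 1
    fi

    # With StrictModes enabled (the sshd default), keys are ignored when
    # these paths are writable by anyone other than the owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Idempotent: skip if this exact line is already authorized.
    if grep -qxF -- "$key_line" "$auth_file"; then
        return 0
    fi

    # Append rather than overwrite, so existing keys survive.
    printf '%s\n' "$key_line" >> "$auth_file"
}
```

To use it, copy id_dsa.pub to a scratch location on the destination host instead of directly onto authorized_keys, then call install_pubkey with that file and the account's .ssh directory.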