System Administration Guide: Security Services

How to Create a Public/Private Key Pair

The standard procedure for creating a Solaris Secure Shell public/private key pair follows. For additional options, see the ssh-keygen(1) man page.

  1. Start the key generation program.


    myLocalHost% ssh-keygen
    Generating public/private rsa key pair.
    …
  2. Enter the path to the file that will hold the key.

    By default, the file name id_rsa, which represents an RSA v2 key, appears in parentheses. You can select this file by pressing the Return key. Or, you can type an alternative filename.


    Enter file in which to save the key (/home/johndoe/.ssh/id_rsa): <Return>
    

    The public key name is created automatically. The string .pub is appended to the private key name.

  3. Enter a passphrase for using your key.

    This passphrase is used for encrypting your private key. A good passphrase is 10-30 characters long, mixes alphabetic and numeric characters, and avoids simple English prose and English names. A null entry means no passphrase is used. A null entry is strongly discouraged for user accounts. Note that the passphrase is not displayed when you type it in.


    Enter passphrase (empty for no passphrase): <Type the passphrase>
    
  4. Re-enter the passphrase to confirm it.


    Enter same passphrase again: <Type the passphrase>
    Your identification has been saved in /home/johndoe/.ssh/id_rsa.
    Your public key has been saved in /home/johndoe/.ssh/id_rsa.pub.
    The key fingerprint is:
    0e:fb:3d:57:71:73:bf:58:b8:eb:f3:a3:aa:df:e0:d1 johndoe@myLocalHost
  5. Check the results.

    The key fingerprint, which is a colon-separated series of 2-digit hexadecimal values, is displayed. Check that the path to the key is correct. In the example, the path is /home/johndoe/.ssh/id_rsa.pub. At this point, you have created a public/private key pair.

  6. Set up the authorized_keys file on the destination host.

    1. Copy the id_rsa.pub file to the destination host. The command is shown on two lines here. Type it on one line with no backslash.


      myLocalHost% cat $HOME/.ssh/id_rsa.pub | ssh myRemoteHost \
       'cat >> .ssh/authorized_keys && echo "Key uploaded successfully."'
      
    2. When you are prompted, supply your login password.

      When the file is copied, the phrase “Key uploaded successfully.” is displayed.
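
The append in step 6 assumes that .ssh already exists on the destination host and leaves file modes unchanged, while an sshd with StrictModes enabled rejects keys kept in a directory or file that other users can write to. The following is an added example, not part of the original guide: install_pubkey is a hypothetical helper, assuming a POSIX sh and grep, that performs the destination-side work with tight permissions and without duplicating an existing entry.

```shell
# Added example, not from the original guide. install_pubkey is a hypothetical
# helper; run it on the destination host after copying id_rsa.pub there.
# usage: install_pubkey <public-key-file> [home-directory]
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    key=$(cat "$pub") || return 1
    case $key in
        *PRIVATE\ KEY*)
            # Catches passing id_rsa instead of id_rsa.pub.
            echo "refusing: $pub looks like a private key" >&2
            return 2 ;;
        ssh-*\ *) ;;   # e.g. "ssh-rsa <base64> comment"
        *)
            echo "refusing: $pub is not an ssh-* public key line" >&2
            return 2 ;;
    esac

    # Create ~/.ssh and authorized_keys without group/other access, then
    # tighten modes in case they already existed with looser permissions.
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 1
    chmod 700 "$dir" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already authorized.
    if grep -qxF -- "$key" "$auth"; then
        echo "Key already present."
    else
        printf '%s\n' "$key" >> "$auth" && echo "Key uploaded successfully."
    fi
}
```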