How to Generate a Public/Private Key <meta http-equiv="refresh" content="0;url='http://www.oracle.com/pls/topic/lookup?ctx=solaris11'"> Pair for Use With Solaris Secure Shell (System Administration Guide: Security Services)

System Administration Guide: Security Services

How to Generate a Public/Private Key Pair for Use With Solaris Secure Shell

Users must generate a public/private key pair when their site implements host-based authentication or user public-key authentication. For additional options, see the ssh-keygen(1) man page.

Before You Begin

Determine from your system administrator if host-based authentication is configured.

Start the key generation program.
myLocalHost% ssh-keygen -t rsa Generating public/private rsa key pair. …
where -t is the type of algorithm, one of rsa, dsa, or rsa1.

Specify the path to the file that will hold the key.

By default, the file name id_rsa, which represents an RSA v2 key, appears in parentheses. You can select this file by pressing the Return key. Or, you can type an alternative file name.
Enter file in which to save the key (/home/jdoe/.ssh/id_rsa):<Press Return>
The file name of the public key is created automatically by appending the string .pub to the name of the private key file.

Type a passphrase for using your key.

This passphrase is used for encrypting your private key. A null entry is strongly discouraged. Note that the passphrase is not displayed when you type it in.
Enter passphrase (empty for no passphrase): <Type passphrase>

Retype the passphrase to confirm it.

Enter same passphrase again: <Type passphrase>
Your identification has been saved in /home/jdoe/.ssh/id_rsa.
Your public key has been saved in /home/jdoe/.ssh/id_rsa.pub.
The key fingerprint is:
0e:fb:3d:57:71:73:bf:58:b8:eb:f3:a3:aa:df:e0:d1 jdoe@myLocalHost

Check the results.

Check that the path to the key file is correct.
% ls ~/.ssh id_rsa id_rsa.pub
At this point, you have created a public/private key pair.

Choose the appropriate option:
- If your administrator has configured host-based authentication, you might need to copy the local host's public key to the remote host.
  
  You can now log in to the remote host. For details, see How to Log In to a Remote Host With Solaris Secure Shell.
  1. Type the command on one line with no backslash.
    % cat /etc/ssh/ssh_host_dsa_key.pub | ssh RemoteHost \ 'cat >> ~./ssh/known_hosts && echo "Host key copied"'
  2. When you are prompted, supply your login password.
    Enter password: <Type password> Host key copied %
- If your site uses user authentication with public keys, populate your authorized_keys file on the remote host.
  1. Copy your public key to the remote host.
    
    Type the command on one line with no backslash.
    myLocalHost% cat $HOME/.ssh/id_rsa.pub | ssh myRemoteHost \ 'cat >> .ssh/authorized_keys && echo "Key copied"'
  2. When you are prompted, supply your login password.
    
    When the file is copied, the message “Key copied” is displayed.
    Enter password: Type login password Key copied myLocalHost%

(Optional) Reduce the prompting for passphrases.

For a procedure, see How to Reduce Password Prompts in Solaris Secure Shell. For more information, see the ssh-agent(1) and ssh-add(1) man pages.

Example 19–2 Establishing a v1 RSA Key for a User

In the following example, the user can contact hosts that run v1 of the Solaris Secure Shell protocol. To be authenticated by v1 hosts, the user creates a v1 key, then copies the public key portion to the remote host.

myLocalHost% ssh-keygen -t rsa1 -f /home/jdoe/.ssh/identity
Generating public/private rsa key pair.
…
Enter passphrase (empty for no passphrase): <Type passphrase>
Enter same passphrase again: <Type passphrase>
Your identification has been saved in /home/jdoe/.ssh/identity.
Your public key has been saved in /home/jdoe/.ssh/identity.pub.
The key fingerprint is:
…
myLocalHost% ls ~/.ssh
id_rsa
id_rsa.pub
identity
identity.pub
myLocalHost% cat $HOME/.ssh/identity.pub | ssh myRemoteHost \
'cat >> .ssh/authorized_keys && echo "Key copied"'