The following procedure sets up a public key system where the client's public key is used for authentication on the server. The user must also create a public/private key pair.
In the procedure, the terms client and local host refer to the system where a user types the ssh command. The terms server and remote host refer to the system that the client is trying to reach.
Before You Begin
You must assume the root role. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .
In the client configuration file, /etc/ssh/ssh_config, type the following entry:
For the syntax of the file, see the ssh_config(4) man page.
In the server configuration file, /etc/ssh/sshd_config, type the same entry:
For the syntax of the file, see the sshd_config(4) man page.
For more information, see the FILES section of the sshd (1M) man page.
Set IgnoreRhosts to no in the /etc/ssh/sshd_config file.
## sshd_config IgnoreRhosts no
## sshd_config IgnoreUserKnownHosts no
For user instructions, see How to Generate a Public/Private Key Pair for Use With Secure Shell.
The host keys are stored in the /etc/ssh directory. The keys are typically generated by the sshd daemon on first boot.
On the client, type the following command on one line with no backslash.
# cat /etc/ssh/ssh_host_dsa_key.pub | ssh RemoteHost \ 'cat >> /etc/ssh/ssh_known_hosts && echo "Host key copied"'
Client and server could not agree on a key exchange algorithm: client "diffie-hellman-group-exchange-sha256,diffie-hellman-group- exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1", server "gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==". Make sure host keys are present and accessible by the server process. See sshd_config(4) description of "HostKey" option.
When the file is copied, the message “Host key copied” is displayed.
Each line in the /etc/ssh/ssh_known_hosts file consists of fields that are separated by spaces:
hostnames algorithm-name publickey comment
## /etc/ssh/ssh_known_hosts File RemoteHost <copied entry>
In the following example, each host is configured as a server and as a client. A user on either host can initiate an ssh connection to the other host. The following configuration makes each host a server and a client:
On each host, the Secure Shell configuration files contain the following entries:
## /etc/ssh/ssh_config HostBasedAuthentication yes # ## /etc/ssh/sshd_config HostBasedAuthentication yes IgnoreRhosts no
On each host, the shosts.equiv file contains an entry for the other host:
## /etc/ssh/shosts.equiv on machine2 machine1
## /etc/ssh/shosts.equiv on machine1 machine2
The public key for each host is in the /etc/ssh/ssh_known_hosts file on the other host:
## /etc/ssh/ssh_known_hosts on machine2 … machine1
## /etc/ssh/ssh_known_hosts on machine1 … machine2
Users have an account on both hosts. For example, the following information would appear for user John Doe:
## /etc/passwd on machine1 jdoe:x:3111:10:J Doe:/home/jdoe:/bin/sh
## /etc/passwd on machine2 jdoe:x:3111:10:J Doe:/home/jdoe:/bin/sh