Go to main content

Managing Secure Shell Access in Oracle® Solaris 11.3

Exit Print View

Updated: June 2019
 
 

How to Generate a Public/Private Key Pair for Use With Secure Shell

Users must generate a public/private key pair when their site implements host-based authentication or user public-key authentication. For additional options, see the ssh-keygen(1) man page.

Before You Begin

Ask your system administrator whether host-based authentication is configured.

  1. Start the key generation program.
    mySystem$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    ...

    where –t is the type of algorithm, either rsa, dsa, or rsa1.

  2. Specify the path to the file that will hold the key.

    By default, the file name id_rsa, which represents an RSA v2 key, appears in parentheses. You can select this file by pressing the Return key or provide an alternative file name.

    Enter file in which to save the key (/home/username/.ssh/id_rsa):<Press Return>

    The file name of the public key is created automatically by appending the string .pub to the name of the private key file.

  3. Type a passphrase for using your key.

    This passphrase is used for encrypting your private key. A null entry is strongly discouraged. Note that the passphrase is not displayed when you type it in.

    Enter passphrase (empty for no passphrase): passphrase
  4. Retype the passphrase to confirm it.
    Enter same passphrase again: passphrase
    Your identification has been saved in /home/username/.ssh/id_rsa
    Your public key has been saved in /home/username/.ssh/id_rsa.pub
    The key fingerprint is:
    0e:fb:3d:57:71:73:bf:58:b8:eb:f3:a3:aa:df:e0:d1 username@mySystem
  5. Check that the path to the key file is correct.
    $ ls ~/.ssh
    id_rsa
    id_rsa.pub

    At this point, you have created a public/private key pair.

  6. Log in to the remote host.

    Choose one of the following login steps based on your site's authentication method.

    • For host-based authentication, copy the local host's public key to the remote host.
      1. Type the following command on one line with no backslash.
        $ cat /etc/ssh/ssh_host_rsa_key.pub | ssh RemoteSys \
        'cat >> ~/.ssh/known_hosts && echo "Host key copied"'
      2. When you are prompted, supply your login password.
        Enter password: password
        Host key copied
        $

        You can now log in to the remote host. For details, see How to Log In to a Remote Host With Secure Shell.

    • For user authentication with public keys, populate your authorized_keys file on the remote host.
      1. Copy your public key to the remote host.

        Type the following command on one line with no backslash.

        mySystem$ cat ~/.ssh/id_rsa.pub | ssh myRemoteSys \
        'cat >> ~/.ssh/authorized_keys && echo "Key copied"'
      2. When you are prompted, supply your login password.
        Enter password: password
        Key copied
        mySystem$
  7. (Optional) Avoid future prompting for passphrases.

    See How to Reduce Password Prompts in Secure Shell. For more information, see the ssh-agent (1) and ssh-add (1) man pages.