Setting Up Public Key Authentication on Client Server

Setting up public key authentication to access a particular remote host is a one-time procedure consisting of three steps.
Step 1: Generate a public/private key pair on your webserver.
Use the ssh-keygen command to generate a public/private key pair. The key-type flag -t is mandatory, accepting either "rsa" or "dsa" as an argument. In the example given, the -f option is also used to override the default name and location for the resulting private-key file.
When prompted for a passphrase, you can enter an appropriate passphrase or leave it empty.
$ ssh-keygen -t dsa -f ./<KEY_NAME>
The command produces two text files in the current folder: the <KEY_NAME> file contains the private key, and the <KEY_NAME>.pub file contains the public key. The private key must be kept secret. Accordingly, access to the private key is restricted to the file owner and, if you entered a passphrase, its contents are encrypted using that passphrase.
You can recreate <KEY_NAME>.pub from <KEY_NAME> by executing the following command:
$ ssh-keygen -y -f ./<KEY_NAME> > <KEY_NAME>.pub
Step 2: Install the public key on the remote host to which you want to connect.
  1. Copy mykey.pub to your home directory on the remote host by executing the following command. Its contents are then appended to the authorized_keys file in the .ssh directory; if the authorized_keys file is not present in the .ssh directory, you can create it manually.
    $ scp <key_name>.pub <remote_user>@<remote_host>:<Remote_PATH>
    Here, <remote_host> is the IP address of the remote server and <remote_user> is the user name on <remote_host> with which you want to connect.
  2. Log in to the remote host by executing the following command:
    $ ssh -l <remote_user> <remote_host>
  3. Append the public key by executing the following command on the remote host (Server):
    $ cat <KEY_NAME>.pub >> $HOME/.ssh/authorized_keys
    For example:
    $ cat ofsa.pub >> $HOME/.ssh/authorized_keys
    The private key is not installed on any remote host.

    Note:

    Set the following permissions on App Server:
    • $ chmod -R 755 <remote_user_home>
    • $ chmod 700 .ssh
    • $ chmod 755 authorized_keys

    Note:

    Set the following permission on the Web Server:

    $ chmod 600 <PRIVATE_KEY>

Step 3: Verify whether Public Key authentication works from Web Server
    Public Key authentication is invoked by using the -i flag with the ssh command, specifying <PRIVATE_KEY_PATH> as the flag's argument.
    Execute the following command from Web Server to check remote App Server:
    $ ssh -x -l <REMOTE_USER> -i <PRIVATE_KEY_PATH> <REMOTE_HOST>
    For example:
    $ ssh -x -l ofsaaweb -i /scratch/oracle/Oracle/Middleware/Oracle_Home/user_projects/domains/AAIAKG/MYKey/ofsa whf00akg
    <PRIVATE_KEY_PATH> is the fully qualified name of the private key file.

    Note:

    If you see a password prompt instead of a passphrase prompt, the administrators of the remote host may have disallowed public key authentication.
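
A password prompt can also result from file modes: with StrictModes enabled, OpenSSH sshd ignores authorized_keys if the home directory, .ssh or the file itself is writable by group or others, and the ssh client refuses a private key that group or others can access. The script below is an added example, not part of the original procedure, that audits the modes from the notes above; the function names and the temporary demo tree are illustrative assumptions.

```shell
#!/bin/sh
# Added example: audit the file modes this procedure depends on.
# Function names are illustrative and do not come from the original page.

# Print a path's permission bits in octal (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed only if none of the bits in octal mask $2 are set on path $1.
bits_clear() {
    m=$(mode_of "$1") || { echo "MISSING $1"; return 1; }
    if [ $(( 0$m & 0$2 )) -ne 0 ]; then
        echo "FAIL $m $1 (bits in $2 must be clear)"
        return 1
    fi
    echo "ok   $m $1"
}

# Remote host: with StrictModes on, sshd skips authorized_keys when the home
# directory, .ssh or the file itself is group- or world-writable.
check_server_side() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        bits_clear "$p" 022 || rc=1
    done
    return $rc
}

# Client: ssh refuses a private key that group or others can access at all.
check_private_key() {
    bits_clear "$1" 077
}

# Constructed demo tree using the modes given in the notes above.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"
: > "$demo/id_demo"
chmod 755 "$demo"; chmod 700 "$demo/.ssh"
chmod 755 "$demo/.ssh/authorized_keys"; chmod 600 "$demo/id_demo"
check_server_side "$demo"
check_private_key "$demo/id_demo"
chmod 664 "$demo/.ssh/authorized_keys"   # group-writable: sshd would skip it
check_server_side "$demo" || echo "authorized_keys would be ignored"
rm -rf "$demo"
```

On real hosts, call check_server_side with <remote_user_home> on the App Server and check_private_key with <PRIVATE_KEY_PATH> on the Web Server.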