Topics: AIX, Security, System Admin

HOWTO: set up ssh keys

First, install OpenSSH and OpenSSL on two UNIX servers, serverA and serverB. This works best using DSA keys and SSH2 by default as far as I can tell. All the other HOWTOs I've seen seem to deal with RSA keys and SSH1, and the instructions not surprisingly fail to work with SSH2.

On each server type ssh and make a connection with your regular password. This will create a .ssh dir in your home directory with the proper permissions. On your primary server where you want your secret keys to live (let's say serverA), type:

# ssh-keygen -t dsa
This will prompt you for a secret passphrase. If this is your primary identity key, use an empty passphrase (which is not secure, but the easiest to work with). If this works right, you will get two files called id_dsa and in your .ssh dir.

Copy the file to the other host's .ssh dir with the name authorized_keys2:
# scp ~/.ssh/ serverB:.ssh/authorized_keys2
Now serverB is ready to accept your ssh key.

For a test, type:
# ssh serverB
This should let you in without typing a password or passphrase. Hooray! You can ssh and scp all you want and not have to type any password or passphrase.

If you found this useful, here's more on the same topic(s) in our blog:

UNIX Health Check delivers software to scan Linux and AIX systems for potential issues. Run our software on your system, and receive a report in just a few minutes. UNIX Health Check is an automated check list. It will report on perfomance, capacity, stability and security issues. It will alert on configurations that can be improved per best practices, or items that should be improved per audit guidelines. A report will be generated in the format you wish, and the report includes the issues discovered and information on how to solve the issues as well.

Interested in learning more?