Secure Shell (SSH) Public Key Authentication; SSH Overview; Generating Public Keys (Linux) - Tripp Lite B092-016 Owner's Manual


Chapter 15: Advanced Configuration

15.6 Secure Shell (SSH) Public Key Authentication

This section covers the generation of public and private keys in a Linux and Windows environment and configuring SSH for
public key authentication. The steps to use in a Clustering environment are:
• Generate a new public and private key pair
• Upload the keys to the Master and to each Slave Console Server
• Fingerprint each connection to validate

15.6.1 SSH Overview

Popular TCP/IP applications such as telnet, rlogin, ftp, and others transmit their passwords unencrypted. Doing this across
public networks like the Internet can have catastrophic consequences. It leaves the door open for eavesdropping, connection
hijacking, and other network-level attacks.
Secure Shell (SSH) is a program to log into another computer over a network, to execute commands in a remote machine,
and to move files from one machine to another. It provides strong authentication and secure communications over insecure
channels.
OpenSSH, the de facto open source SSH application, encrypts all traffic (including passwords) to effectively eliminate these
risks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods.
OpenSSH is the port of OpenBSD's excellent OpenSSH[0] to Linux and other versions of Unix. OpenSSH is based on the last
free version of Tatu Ylonen's sample implementation with all patent-encumbered algorithms removed (to external libraries), all
known security bugs fixed, new features reintroduced and many other clean-ups (http://www.openssh.com/). The only changes in
the SSH implementation are:
• PAM support
• EGD[1]/PRNGD[2] support and replacements for OpenBSD library functions that are absent from other versions of UNIX
• The config files are now in /etc/config, e.g.:
  o /etc/config/sshd_config instead of /etc/sshd_config
  o /etc/config/ssh_config instead of /etc/ssh_config
  o /etc/config/users/<username>/.ssh/ instead of /home/<username>/.ssh/

15.6.2 Generating Public Keys (Linux)

To generate new SSH key pairs, use the Linux ssh-keygen command. This will produce an RSA or DSA public/private key pair,
and you will be prompted for a path to store the two key files, e.g. id_dsa.pub (the public key) and id_dsa (the private key). For
example:
$ ssh-keygen -t [rsa|dsa]
Generating public/private [rsa|dsa] key pair.
Enter file in which to save the key (/home/user/.ssh/id_[rsa|dsa]):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_[rsa|dsa].
Your public key has been saved in /home/user/.ssh/id_[rsa|dsa].pub.
The key fingerprint is:
28:aa:29:38:ba:40:f4:11:5e:3f:d4:fa:e5:36:14:d6 user@server
$
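
The fingerprint printed above identifies the public key, and it is the value compared when each connection is validated. As an added example (not part of the original manual), the following Python derives the colon-separated MD5 form shown above, and the SHA256 form that current OpenSSH prints by default, from one line of a public key file. The sample key is constructed in code and is not a usable key; all function names are illustrative.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: uint32 length, then data."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(value: int) -> bytes:
    """Encode a positive integer as an SSH mpint (0x00 prefix if high bit set)."""
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def parse_public_key(line: str):
    """Return (key_type, blob) from one line of an id_*.pub file."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    # The blob repeats the key type; a mismatch means the line was altered.
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type in blob does not match the declared type")
    return key_type, blob

def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated hex form, as in the ssh-keygen output above."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def sha256_fingerprint(blob: bytes) -> str:
    """Unpadded base64 form printed by default by current OpenSSH."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def make_sample_key_line() -> str:
    # Constructed sample: the "modulus" is an arbitrary odd integer, not a real key.
    seed = hashlib.sha256(b"constructed sample").digest() * 8
    modulus = int.from_bytes(seed, "big") | 1
    blob = ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " user@server"

if __name__ == "__main__":
    key_type, blob = parse_public_key(make_sample_key_line())
    print(key_type, md5_fingerprint(blob), sha256_fingerprint(blob))
```

On a host with OpenSSH 6.8 or later, ssh-keygen -l -E md5 -f <keyfile>.pub prints the same colon-separated value, prefixed with "MD5:", for comparison.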
