Fujitsu Siemens Computers SX series User Manual page 154

Sx150 business server

Key management for Secure Shell
Generating the keys
Various algorithms are available for generating such key pairs. The most familiar are RSA
and DSA. In Solaris they can be generated by calling the ssh-keygen command (see
http://www.openssh.com). The generation of RSA keys in SSH protocol version 2 is
recommended. The minimum key length is 512 bits. 1024 bits are generally regarded as sufficient.
The keys generated are saved in the local Solaris file system:
In SSH protocol version 1 the private key is stored by default in the directory
$HOME/.ssh/identity and the public key in the directory
$HOME/.ssh/identity.pub of the user.
In SSH protocol version 2 the RSA authentication identity is stored in the file
$HOME/.ssh/id_rsa and the public RSA key in the file $HOME/.ssh/id_rsa.pub.
In SSH protocol version 2 the DSA authentication identity is stored in the file
$HOME/.ssh/id_dsa and the public DSA key in the file $HOME/.ssh/id_dsa.pub.
The key pairs can also be generated using a tool supported by the GUI. The PuTTY key
generator is described in the section "PuTTY with PuTTYgen and Pageant" on page 157.
Distribution of the public keys to the communications partners
In the next configuration step the user must distribute the public key to the
$HOME/.ssh/authorized_keys file on all remote systems with which he/she wishes to
communicate. You can do this, for example, by copying the local identity file for the public
key to the remote systems and appending its content to the
$HOME/.ssh/authorized_keys file.
Pass phrases
The private key must not get into the wrong hands. Several protection mechanisms are
provided in SSH for this purpose. The ssh program issues a warning if the local identity
file is readable by anyone except the owner. A pass phrase can be specified when a key
pair is generated. This pass phrase is used for encrypting and decrypting the private key
when writing to or reading from the identity file.
It is recommended that you protect the private key with a pass phrase.
A pass phrase is an extension of the password. It can be a sequence of words, numbers,
blanks, symbols or other characters. Good pass phrases are 10 to 30 characters long and
contain a sequence of upper- and lower-case characters, digits and non-alphanumeric
characters which are not easy to guess.
Unlike a password, a pass phrase is not transferred to the remote computer in the context
of an authentication procedure.
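The following is an added example, not part of the original manual: a POSIX shell sketch of the append step described under "Distribution of the public keys" and of the identity-file permission check mentioned under "Pass phrases". The function names install_pubkey and identity_is_private are hypothetical, the sample key is constructed, and a grep that supports the POSIX options -F, -x and -f is assumed.

```shell
#!/bin/sh
# Added example, not from the manual; function names are hypothetical.

# Append public key file $1 to authorized_keys in .ssh directory $2 (run on
# the remote system). An identical line that is already present is not repeated.
install_pubkey() {
    pub=$1; sshdir=$2; auth=$sshdir/authorized_keys
    [ -s "$pub" ] || { echo "$pub: empty or missing" >&2; return 1; }
    # Never copy the private half of the pair to a remote system.
    if grep 'PRIVATE KEY' "$pub" >/dev/null 2>&1; then
        echo "$pub: looks like a private key, refusing" >&2; return 1
    fi
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    [ -f "$auth" ] || ( umask 077; : > "$auth" ) || return 1
    chmod 600 "$auth" || return 1
    # -F fixed strings, -x whole line, -f patterns from file: exact match only
    grep -F -x -f "$pub" "$auth" >/dev/null 2>&1 && return 0
    cat "$pub" >> "$auth"
}

# Return 0 if identity (private key) file $1 grants nothing to group/other,
# 1 if it does, 2 if it is not a regular file.
identity_is_private() {
    f=$1
    [ -f "$f" ] || { echo "$f: not a regular file" >&2; return 2; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ldL "$f" | cut -c5-10)
    [ "$perms" = "------" ] && return 0
    echo "$f: group/other bits '$perms' set; fix with: chmod 600 $f" >&2
    return 1
}

# Demo on constructed data in a scratch directory; no real keys are touched.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3constructedkey user@client' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/remote_home/.ssh"
install_pubkey "$demo/id_rsa.pub" "$demo/remote_home/.ssh"   # second call adds nothing
echo "lines in authorized_keys: $(wc -l < "$demo/remote_home/.ssh/authorized_keys")"
rm -rf "$demo"
```
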
Remote operation via PC
U41272-J-Z385-3-76