This FAQ describes how to manually generate and configure SSH keys using Windows. First create a new user from the Opengear Management Console on Opengear gateway (the following example users a user called "testuser") making sure it is a member of the "users" group. If you do not already have a public/private key pair you can generate them now using ssh-keygen, PuTTYgen or a similar tool:
- PuTTYgen: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
- OpenSSH: http://www.openssh.org/
- OpenSSH (Windows): http://sshwindows.sourceforge.net/download/
- For a good overview of SSH key generation: http://alexandria.wiki.sourceforge.net/SSH+Key+Generation#clients
For example using PuTTYgen first make sure you have a recent version of the puttygen.exe and make sure you have a recent version of WinSCP (available from http://winscp.net/eng/download.php ). To generate a SSH key using PuTTYgen :
- Execute the PUTTYGEN.EXE program
- Select the desired key type SSH2 DSA (you may use RSA or DSA) within the Parameters section ... and it is important that you leave the passphrase field blank
- Click on the Generate button
- Follow the instruction to move the mouse over the blank area of the program in order to create random data used by PUTTYGEN to generate secure keys. Key generation will occur once PUTTYGEN has collected sufficient random data.
- Create a new file " authorized_keys " (with notepad) and copy your public key data from the "Public key for pasting into OpenSSH authorized_keys file" section of the PuTTY Key Generator, and paste the key data to the "authorized_keys" file. Make sure there is only one line of text in this file.
- Use WinSCP to copy this "authorized_keys" file into the users home directory: eg. /etc/config/users/testuser/.ssh/authorized_keys of the Opengear gateway which will be the SSH server. You will need to make sure this file is in the correct format with the correct permissions with the following commands:
/etc/config/users/testuser/.ssh/authorized_keys && chown testuser
- Using WinSCP copy the attached sshd_config over /etc/config/sshd_config on the server (Makes sure public key authentication is enabled)
- Test the Public Key by logging in as "testuser" Test the Public Key by logging in as "testuser" to the client Opengear device and typing (you should not need to enter anything): # ssh -o StrictHostKeyChecking=no
- To automate connection of the SSH tunnel from the client on every power-up you need to make the clients /etc/config/rc.local look like the following:
ssh -L9001:127.0.0.1:4001 -N -o StrictHostKeyChecking=no testuser@ &
This will run the tunnel redirecting local port 9001 to the server port 4001.
Installing the SSH Public/Private Keys (Management Console)
Alternately to using WinSCP, for Opengear gateways the keys can be simply uploaded through the web interface on the System: Administration page. This enables you to upload stored RSA or DSA Public Key pairs to the master/server and apply the Authorized key to the slave/client:
- Select System: Administration on Master's Management Console
- Browse to the location you have stored RSA (or DSA) Public Key and upload it to SSH RSA (DSA) Public Key
- Browse to the stored RSA (or DSA) Private Key and upload it to SSH RSA (DSA) Private Key and click Apply
Next you must register the Public Key as an Authorized Key on the Slave. In the simple case with only one Master with multiple Slaves, you need only upload the one RSA or DSA public key for each Slave.
- Select System: Administration on the Slave's Management Console
- Browse again to the stored RSA (or DSA) Public Key and upload it to Salve's SSH Authorized Key and click Apply