Use the Linux ssh-keygen command to generate new SSH key pairs. This will produce an RSA or DSA public/private key pair and you will be prompted for a path to store the two key files e.g. id_dsa.pub (the public key) and id_dsa (the private key).
You can generate only one set of keys (a public and a private key) and reuse them for every SSH session. This is appropriate for circumstances like cascading/clustering. However, there are circumstances where multiple key pairs are required (e.g. SSH Tunneled Serial Bridging), and the steps for this are described in faq293. Also, key pairs are generally generated and stored on a separate secure machine; however, they may be generated using ssh-keygen on the Opengear console server itself:
$ mkdir keys
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
/home/user/keys/control_room
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/keys/control_room
Your public key has been saved in /home/user/keys/control_room.pub.
The key fingerprint is:
28:aa:29:38:ba:40:f4:11:5e:3f:d4:fa:e5:36:14:d6 user@server
$
It is advisable to create a new directory to store your generated keys. It is also possible to name the files after the device they will be used for. For example:
$ mkdir keys
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
/home/user/keys/control_room
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/keys/control_room
Your public key has been saved in /home/user/keys/control_room.pub.
The key fingerprint is:
28:aa:29:38:ba:40:f4:11:5e:3f:d4:fa:e5:36:14:d6 user@server
$
For documentation on the ssh-keygen command, refer to www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen
Installing the SSH Public/Private Keys (Management Console)
For Opengear gateways the keys can be simply uploaded through the web interface on the System: Administration page. This enables you to upload stored RSA or DSA Public Key pairs to the master/server and apply the Authorized key to the slave/client:
- Select System: Administration on the Master's Management Console
- Browse to the location where you have stored the RSA (or DSA) Public Key and upload it to SSH RSA (DSA) Public Key
- Browse to the stored RSA (or DSA) Private Key and upload it to SSH RSA (DSA) Private Key and click Apply
Next you must register the Public Key as an Authorized Key on the Slave. In the simple case with only one Master with multiple Slaves, you need only upload the one RSA or DSA public key for each Slave.
- Select System: Administration on the Slave's Management Console
- Browse again to the stored RSA (or DSA) Public Key and upload it to the Slave's SSH Authorized Key and click Apply
Installing SSH Public Key Authentication (Linux command line)
Alternatively, the public key can be installed on the unit remotely from the Linux host with the scp utility. Assume the user on the Management Console is called "fred", the IP address of the IMG/IM/CM4000 is 192.168.0.1 (default), and the public key is on the Linux/Unix computer in ~/.ssh/id_dsa.pub. Execute the following command on the Linux/Unix computer:
scp ~/.ssh/id_dsa.pub root@192.168.0.1:/etc/config/users/fred/.ssh/authorized_keys
The authorized_keys file on the IMG/IM/CM4000 needs to be owned by "fred", so log in to the Management Console as root and type:
chown fred /etc/config/users/fred/.ssh/authorized_keys
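The scp command above replaces the remote authorized_keys file with whatever file is sent, so it is worth checking that file first. The following pre-flight check is an added example, not Opengear's own code: it refuses a private key or a malformed file and merges the public key into a local staging copy of authorized_keys without duplicating entries. The function names, the staging-file approach and the sample files are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article; function names are hypothetical.

# is_public_key FILE: succeed only if FILE holds exactly one OpenSSH RSA/DSA
# public-key line ("type base64 [comment]") and no private-key material.
is_public_key() {
    [ -f "$1" ] || return 1
    # A private key selected by mistake carries a "PRIVATE KEY" PEM header.
    if grep -q 'PRIVATE KEY' "$1"; then return 1; fi
    [ "$(grep -c . "$1")" -eq 1 ] || return 1
    # The base64 blob of both ssh-rsa and ssh-dss keys begins AAAAB3NzaC1.
    grep -Eq '^ssh-(rsa|dss) AAAAB3NzaC1[A-Za-z0-9+/]+={0,2}( .*)?$' "$1"
}

# stage_key PUBKEY STAGED: merge PUBKEY into the local file STAGED unless the
# same key blob is already listed; STAGED stays accessible to its owner only.
stage_key() {
    is_public_key "$1" || { echo "rejected: $1" >&2; return 1; }
    blob=$(awk 'NF { print $2 }' "$1")
    touch "$2" && chmod 600 "$2" || return 1
    if ! grep -qF -- "$blob" "$2"; then
        awk 'NF' "$1" >> "$2"      # awk guarantees a trailing newline
    fi
}

# Demo on constructed files (the blob is a placeholder, not a usable key).
demo() {
    d=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQCexample user@server' > "$d/control_room.pub"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'MIIB' > "$d/control_room"
    stage_key "$d/control_room.pub" "$d/authorized_keys"
    stage_key "$d/control_room.pub" "$d/authorized_keys"    # second call adds nothing
    stage_key "$d/control_room" "$d/authorized_keys" 2>/dev/null ||
        echo "private key refused"
    echo "entries staged: $(grep -c . "$d/authorized_keys")"
    rm -rf "$d"
}
demo
```

The staged file is the one to send with scp in place of the bare .pub file; the chown step above still applies on the unit.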