How To Set Up Public Keys for Automation

 

  1. Log in to the source server.  Ask yourself: is this the server where jobs will initiate from?  Is this the server you will push files from?  Use SSH Client to log in.  If you don’t have the SSH Client, go here to get it for free.  If you wish to use an OpenSSH key on our SSH Server, contact Unix Support at unix_support@cusys.edu for help.

  2. From your home directory, type this:  "ssh-keygen -t dsa"

Here are the details:

 

    [username@hostname]> ssh-keygen -t dsa                  <-- the command
    Generating 2048-bit dsa key pair
       3 o..oOo.oOo.o
    Key generated.
    2048-bit dsa, username@hostname, Fri Mar 21 2003 10:52:04 -0700
    Passphrase :                                            <-- Hit return here for a null passphrase
    Again      :                                            <-- Hit return here
    Key is stored with NULL passphrase.
     (You can ignore the following warning if you are generating hostkeys.)
     This is not recommended.
     Don't do this unless you know what you're doing.
     If file system protections fail (someone can access the keyfile),
     or if the super-user is malicious, your key can be used without
     the deciphering effort.
    Private key saved to /export/home/username/.ssh2/id_dsa_2048_a          <-- the full path to the private key
    Public key saved to /export/home/username/.ssh2/id_dsa_2048_a.pub       <-- the full path to the public key

 

 

  3. It will create two files for you.  One is a private key called id_dsa_2048_a.  The other is your public key called id_dsa_2048_a.pub.  You need to run these two Unix commands in your $HOME/.ssh2 directory:

            echo "idkey id_dsa_2048_a" > identification
            echo "key id_dsa_2048_a.pub" > authorization

If you wish to have one Unix server trust another with your same login, you need to upload your public key to your $HOME/.ssh2 directory (naming it something unique like id_dsa_2048_a_hostname.pub).  You can have more than one key in your authorization file.  Just remember to upload it and append the reference (key   id_dsa_2048_a_newkey.pub) to the authorization file.

 

 

If you successfully created a public key, put it in your $HOME/.ssh2 directory and referenced it in the authorization file, then you should have no problem using ssh, scp or sftp to access the other Unix system.  The last step is to test your connection.

  4. From the source server, type this:

            ssh username@hostname date

Where username is the user the job will log in as and “hostname” is the destination server.  You will log in directly without being prompted for your password and run the “date” command.  The results appear on the screen.
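
The key generated above has a NULL passphrase, so, as the ssh-keygen warning says, file system protections are all that guard it. The following check is an added example, not part of the original how-to: it audits a key directory laid out as in steps 2 and 3, assuming the "idkey <file>" and "key <file>" line formats shown above. The function name audit_ssh2_dir and the finding labels are hypothetical.

```sh
#!/bin/sh
# Added example: audit an SSH2-style key directory laid out as in this how-to.
# Assumed file format (as shown on this page): "idkey <file>" lines in
# identification, "key <file>" lines in authorization.
# Prints one finding per line; returns 0 when clean, 1 otherwise.

perm_bits() { ls -ldL "$1" | cut -c2-10; }    # e.g. rw-------

report() { echo "$1"; findings=$((findings + 1)); }

audit_ssh2_dir() {
    dir=$1
    findings=0

    # Anyone who can write here can swap keys or edit authorization.
    case $(perm_bits "$dir") in
        ????w????|???????w?) report "DIR_WRITABLE $dir" ;;
    esac

    # Private keys: a NULL passphrase leaves file modes as the only protection.
    if [ -f "$dir/identification" ]; then
        while read -r word name rest || [ -n "$word" ]; do
            case $word in [Ii][Dd][Kk][Ee][Yy]) ;; *) continue ;; esac
            if [ ! -f "$dir/$name" ]; then
                report "MISSING_PRIVATE_KEY $name"
            else
                case $(perm_bits "$dir/$name") in
                    ???------) ;;                      # owner-only access
                    *) report "PRIVATE_KEY_EXPOSED $name" ;;
                esac
            fi
        done < "$dir/identification"
    fi

    # Public keys: every "key" reference must point at an uploaded file.
    if [ -f "$dir/authorization" ]; then
        while read -r word name rest || [ -n "$word" ]; do
            case $word in [Kk][Ee][Yy]) ;; *) continue ;; esac
            [ -f "$dir/$name" ] || report "MISSING_PUBLIC_KEY $name"
        done < "$dir/authorization"
        case $(perm_bits "$dir/authorization") in
            ????w????|???????w?) report "AUTHORIZATION_WRITABLE" ;;
        esac
    fi

    [ "$findings" -eq 0 ]
}
```

Call it as audit_ssh2_dir "$HOME/.ssh2" on both the source and the destination server; a non-zero return means at least one finding was printed.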

 

That’s it.  You may or may not have to convert from ssh to OpenSSH.  Use this command to convert the key:

            ssh-keygen -i -f /path/to/sshkey >> /path/to/.ssh/authorized_keys2

If you need to convert a key from OpenSSH to ssh, try this command:

            ssh-keygen -e -f /path/to/opensshkey >> sshkey

Make sure the appropriate key ends up in the appropriate directory (openssh = $HOME/.ssh/authorized_keys2,  ssh = $HOME/.ssh2/authorization).

 

The next step in secure file transfers is to make sure the file is encrypted on the server.  That will protect the file if it’s sitting out on a publicly accessible server.  Please refer to this reference on how to use GPG to encrypt a file.

 

If you still need help contact Unix Support at unix_support@cusys.edu