setup ssh keys
To allow access across Unix hosts without entering a password, set up SSH with public keys for authentication.
Being able to access the host without a password is essential for infx remote administration of a host.
You first generate a key pair, which has a private part and a public part. You install the public key on each host you need remote access to.
Then, when you log in, SSH does not prompt you for a password.
The first time you connect using SSH, it generates a key for that host. Every time you connect to the host, this key will be used to verify it is the correct host. This prevents “man-in-the-middle” attacks, and other methods that try to impersonate a host.
Once the host is known, and the key has been sent, you can access that server using SSH without a password.
To maintain security, you must keep the private key private. SSH will not use the file unless its permissions are 600 (only the owner can read or write it).
If the private key file is compromised, you need to generate a new pair and re-send the public key.
infx provides services that help you manage the ssh keys.
| infx keygen  | Generate the public and private keys |
| infx keysend | Send the public key to a remote host |
This command will generate a private and public key pair:
Generating public/private rsa key pair.
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
The key fingerprint is:
The key's randomart image is:
+--[ RSA 2048]----+
| . |
| . o o |
| + o . |
| O . . |
| S = o |
| o + . .|
| +. +o|
| .o . E|
| ... o+|
infx generates the key using RSA, and stores the pair in the files id_rsa and id_rsa.pub.
You send the public key to each remote host you want to manage.
change ssh default port
change ssh port
You can change the port ssh runs on from 22.
For example, to change the port to 62999, add this to /etc/ssh/sshd_config.
Then, restart sshd.
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
Repeat the change on server2.
set default port for host
Next, set up your ssh config to default server2 to the new port number, so you don’t have to specify it on the command line.
$ touch $HOME/.ssh/config
Add these lines to $HOME/.ssh/config, on server1.
Now all ssh commands, including rsync and scp, will default to the correct port number.
Check the ssh documentation for other options you can add here, such as compression for slow links.
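As an added example (not part of the original page or of infx): a shell function that writes the per-host port default described above into an ssh client config file, keeping the file owner-only. It assumes the stanza is `Host server2` with `Port 62999`; the function name `add_host_port` is hypothetical.

```shell
#!/bin/sh
# Added example: append a per-host Port stanza to an ssh client config file.
# Usage: add_host_port CONFIG_FILE HOST PORT
#   e.g. add_host_port "$HOME/.ssh/config" server2 62999
# Returns 0 if the stanza was added, 1 if the host was already configured,
# 2 if the port is not a valid TCP port number.
add_host_port() {
    cfg=$1
    host=$2
    port=$3

    # Accept only 1 to 5 decimal digits, then check the numeric range.
    case $port in
        ''|*[!0-9]*|??????*)
            echo "invalid port: $port" >&2
            return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 2
    fi

    # Create the directory (700) and the file (600) owner-only if missing.
    dir=$(dirname "$cfg")
    [ -d "$dir" ] || mkdir -p -m 700 "$dir"
    (umask 077; touch "$cfg")
    chmod 600 "$cfg"

    # ssh uses the first value it finds for each option, so a second
    # stanza for the same host would be ignored. Refuse to add one.
    if grep -Fqx "Host $host" "$cfg"; then
        echo "Host $host already present in $cfg, left unchanged" >&2
        return 1
    fi

    # Append the stanza: connections to $host now default to $port.
    printf 'Host %s\n    Port %s\n' "$host" "$port" >> "$cfg"
}
```

After running it, `ssh -G server2` prints the options ssh would use for that host, including the effective port.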