setup ssh keys

To allow access across Unix hosts without entering a password, set up SSH with public keys for authentication.

Being able to access a host without a password is essential for infx remote administration of that host.

key pair

You first generate a key pair, which has a private part and a public part. You install the public key on each host you need remote access to.

Then, when you log in, SSH does not prompt you for a password.

host key

The first time you connect using SSH, it generates a key for that host. Every time you connect to the host, this key will be used to verify it is the correct host. This prevents “man-in-the-middle” attacks, and other methods that try to impersonate a host.

Once the host is known, and the key has been sent, you can access that server using SSH without a password.

This host key will need to be regenerated when the host name or IP address details change.

security

To maintain security you must keep the private key private. SSH will not use the file unless the permissions are 600 (only the owner can read or write).

If the private key file is compromised, you need to generate a new pair and re-send the public key.

manage keys

infx provides services that help you manage the SSH keys.

command        purpose
infx keygen    Generate the public and private keys
infx keysend   Send the public key to a remote host

key generation

This command will generate a private and public key pair:

infx generates the key using RSA, and stores the pair in the files id_rsa and id_rsa.pub.

key sending

You send the public key to each remote host you want to manage.

When you initially send the key, you have to specify the password. Future access to this host will not require a password.

change ssh default port

change ssh port

You can change the port ssh runs on from 22.

For example, to change the port to 62999, add this to /etc/ssh/sshd_config.

Then, restart sshd.

root access required

Repeat the change on server2.

set default port for host

Next, set up your ssh config so that server2 defaults to the new port number. This way you don’t have to specify it on the command line.

Add these lines to $HOME/.ssh/config, on server1.

Now all ssh commands, including rsync and scp, will default to the correct port number.

Check the ssh documentation for other options you can add here, such as compression for slow links.

The informix user should be used when setting up the defaults.
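
The two client-side points above (the private key must have mode 600, and server2 should default to port 62999 in $HOME/.ssh/config) can be checked and applied with a small script. This is an added example, not part of infx or the original page; the function names are hypothetical, it uses standard OpenSSH client config syntax, and its demo runs on constructed files in a scratch directory.

```sh
#!/bin/sh
# Added example: key_mode_ok, host_port and set_host_port are hypothetical
# helper names. server2 and port 62999 are the values used on this page.
# (Server side, the matching sshd_config directive is "Port 62999".)

# Succeed only if FILE has mode 600, as required for the private key.
key_mode_ok() {
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
    [ "$mode" = "600" ]
}

# Print the Port set in the "Host HOST" block of an ssh client config file.
# Matches exact host names only (no wildcard patterns).
host_port() {
    awk -v h="$2" '
        tolower($1) == "match" { inblk = 0; next }
        tolower($1) == "host"  { inblk = 0; for (i = 2; i <= NF; i++) if ($i == h) inblk = 1; next }
        inblk && tolower($1) == "port" { print $2; exit }
    ' "$1"
}

# Append a Host block with the port, unless the host already has a Port set.
# The config file is created owner-only (umask 077).
set_host_port() {
    cfg=$1 host=$2 port=$3
    [ -f "$cfg" ] && [ -n "$(host_port "$cfg" "$host")" ] && return 0
    ( umask 077; printf 'Host %s\n    Port %s\n' "$host" "$port" >> "$cfg" )
}

# Demo on constructed files in a scratch directory (not your real ~/.ssh).
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/id_rsa"; chmod 644 "$d/id_rsa"      # constructed, deliberately too open
    key_mode_ok "$d/id_rsa" || echo "id_rsa: permissions are not 600, fixing"
    chmod 600 "$d/id_rsa"
    key_mode_ok "$d/id_rsa" && echo "id_rsa: permissions ok"
    set_host_port "$d/config" server2 62999
    set_host_port "$d/config" server2 62999     # second call is a no-op
    echo "server2 port: $(host_port "$d/config" server2)"
    rm -rf "$d"
}
demo
```

To apply it for real, call `set_host_port "$HOME/.ssh/config" server2 62999` and `key_mode_ok "$HOME/.ssh/id_rsa"` as the user who owns the keys.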