To allow access across Unix hosts without entering a password, infx uses SSH with public keys for authentication. Being able to access the host without a password is essential to remote administration of that host through infx.
Using SSH, you first generate a key pair, which has a private part and a public part. You set up the remote host with your public key. Then, when you log in, SSH uses the keys to authenticate, without the need to enter a password.
The first time you connect using SSH, it generates a key for that host. The key will be re-compared every time you connect to that host. This prevents another host from "masquerading" as that host, but means the key needs to be regenerated when the host details change. For example, host name or IP address changes require the keys to be regenerated.
Once the host is known, and the key has been sent, you can access that server using SSH without a password.
To maintain security, you must keep the private key private. SSH will not use the file if the file permissions are incorrect.
infx provides services that help you manage the SSH keys. You generate the public and private keys on the host you want to manage remotely from. You send the public key to each remote host you want to be able to manage.
key generation
This command will generate a private and public key pair:
demo1b@bobii:/home/informix> infx keygen
Generating public/private rsa key pair.
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
The key fingerprint is:
f9:5c:41:8a:dc:de:82:f1:d8:fb:c6:17:5f:fe:6d:d6 informix@bobii
The key's randomart image is:
+--[ RSA 2048]----+
| . |
| . o o |
| + o . |
| O . . |
| S = o |
| o + . .|
| +. +o|
| .o . E|
| ... o+|
+-----------------+
By default, infx generates the key using RSA, and stores the pair in the files id_rsa and id_rsa.pub.
key sending
You send the public key to each remote host you want to manage.
demo1b@bobii:/home/informix> infx keysend dest=mamvps03
informix@mamvps03's password:
completed: keysend
When you initially send the key, you have to specify the password. Future access to this host will not require a password.
You can change the port sshd listens on from the default 22 to another port, for example 62999:
Add this line to /etc/ssh/sshd_config.
Port 62999
Restart sshd.
root@server1# /etc/init.d/sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
root@server1#
Repeat the change on server2, then set up your ssh config, so you don't have to specify the port number on the command line.
root@server2# touch $HOME/.ssh/config
root@server2# chmod 600 $HOME/.ssh/config
Add these lines to $HOME/.ssh/config on server1:
Host server2
Port 62999
Now all ssh commands, including rsync and scp, will default to the correct port number.
Check the ssh documentation for other options you can add here, such as compression for slow links.
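The permission requirements mentioned above (a private key that stays private, and the chmod 600 on $HOME/.ssh/config) can be checked with a short script. This is an added example, not part of infx; the function names are hypothetical, and it assumes OpenSSH's usual rules: a private key must have no group or other access, and the config file must not be writable by group or other.

```shell
#!/bin/sh
# Added example (not part of infx): find files in an SSH directory whose
# permissions are too open. Assumption: a private key is any file that has a
# matching .pub beside it, like the id_rsa / id_rsa.pub pair.

# mode_bits FILE: print the nine permission characters, e.g. rw-------
mode_bits() {
    ls -ld -- "$1" | cut -c2-10
}

# key_perm_ok FILE: succeed only if group and other have no access at all
key_perm_ok() {
    case "$(mode_bits "$1")" in
        ???------) return 0 ;;
        *)         return 1 ;;
    esac
}

# config_perm_ok FILE: succeed only if group and other cannot write
config_perm_ok() {
    case "$(mode_bits "$1")" in
        ????-??-?) return 0 ;;
        *)         return 1 ;;
    esac
}

# audit_ssh_dir DIR: print each finding, return the number of findings
audit_ssh_dir() {
    dir=$1 bad=0
    for pub in "$dir"/*.pub; do
        key=${pub%.pub}
        [ -f "$pub" ] && [ -f "$key" ] || continue
        if ! key_perm_ok "$key"; then
            echo "private key too open: $key ($(mode_bits "$key")); chmod 600 it"
            bad=$((bad + 1))
        fi
    done
    if [ -f "$dir/config" ] && ! config_perm_ok "$dir/config"; then
        echo "config writable by group/other: $dir/config; chmod 600 it"
        bad=$((bad + 1))
    fi
    return "$bad"
}

# Audit the directory given as the first argument, if any.
if [ $# -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Run it as the account that owns the keys, passing that account's .ssh directory as the argument; the exit status is the number of findings.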