Chapter 4 Connecting to Remote Computers
To generate the identity key pair:
1 Enter the following command on the local computer:
$ ssh-keygen -t dsa
2 When prompted, enter a filename in the user's home folder to save the keys in; then
enter a password and password verification. For no password, don't enter anything
when prompted. Just press Return.
For example:
Generating public/private dsa key pair.
Enter file in which to save the key (/Users/mariah/.ssh/id_dsa): frog
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in frog.
Your public key has been saved in frog.pub.
The key fingerprint is:
4a:5c:6e:9f:3e:35:8b:e5:c9:5a:ac:00:e6:b8:d7:96 mariahjohnson1@mac.com
This creates two files. Your identification or private key is saved in one file (frog in our
example) and your public key is saved in the other (frog.pub in our example).
The key fingerprint, which is derived cryptographically from the public key value,
also appears. This secures the public key, making duplication computationally
infeasible.
3 Copy the resulting public file, which contains the local computer's public key, to the
.ssh/authorized_keys file in the user's home folder on the remote computer
(~/.ssh/authorized_keys).
The next time you log in to the remote computer from the local computer, you won’t
need to enter a password.
If you need to establish two-way communication between servers, repeat this process
on the second computer.
This process must be repeated for each user who needs to be able to open a
key-based SSH session. This includes the root user, whose home folder on Mac OS X Server
is at /var/root/.
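Step 3 as a script, to be run on the remote computer once the public file has been copied there. This is an added example, not part of the original guide: the function name install_pubkey and the sample key line are constructed for illustration. It also keeps .ssh and authorized_keys private to the user (sshd's default StrictModes check rejects loosely permissioned files), refuses a private key passed by mistake, and does not add the same key twice.

```shell
# install_pubkey PUBKEY_FILE HOME_FOLDER   (hypothetical helper, not an Apple tool)
# Appends the public key to HOME_FOLDER/.ssh/authorized_keys.
install_pubkey() {
    pubkey_file=$1
    ssh_dir="$2/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    # The private half (frog, not frog.pub) must never be installed remotely.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "$pubkey_file looks like a private key; refusing" >&2
        return 2
    fi
    # A public key file is a single line: type, base64 key, comment.
    key_line=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)
    [ -n "$key_line" ] || { echo "$pubkey_file is empty" >&2; return 1; }

    # Only the owner may read or write these.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Already authorized: nothing to do.
    if grep -qxF -- "$key_line" "$auth_file"; then
        return 0
    fi
    # If the file lacks a final newline, add one so keys do not run together.
    [ -z "$(tail -c 1 "$auth_file")" ] || echo >> "$auth_file"
    printf '%s\n' "$key_line" >> "$auth_file"
}

# Demo in a throwaway folder with a constructed (not real) public key line.
demo_home=$(mktemp -d)
printf 'ssh-dss AAAAB3NzaC1kc3MAAACBAEXAMPLE mariah@example\n' > "$demo_home/frog.pub"
install_pubkey "$demo_home/frog.pub" "$demo_home"
install_pubkey "$demo_home/frog.pub" "$demo_home"   # second run adds nothing
echo "entries: $(grep -c . "$demo_home/.ssh/authorized_keys")"
rm -rf "$demo_home"
```

For the root user, pass /var/root as the home folder and run the function as root.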
Note: If you’re using an Open Directory user account and have logged in using the
account, you don’t need to supply a password for SSH login. On computers with
Mac OS X Server, SSH uses Kerberos for single sign-on authentication with any user
account that has an Open Directory password. (Kerberos must be running on the
Open Directory server.) For more information, see Open Directory Administration.