User's manual

724-746-5500 | blackbox.com
Generated keys may be one of two types: RSA or DSA (and it is beyond the scope of this document to
recommend one over the other). RSA keys will go into the files id_rsa and id_rsa.pub. DSA keys will be
stored in the files id_dsa and id_dsa.pub.
For simplicity going forward, the term private key will be used to refer to either id_rsa or id_dsa and
public key to refer to either id_rsa.pub or id_dsa.pub.
To generate the keys using OpenBSD's OpenSSH suite, we use the ssh-keygen program:
$ ssh-keygen -t [rsa|dsa]
Generating public/private [rsa|dsa] key pair.
Enter file in which to save the key (/home/user/.ssh/id_[rsa|dsa]):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_[rsa|dsa].
Your public key has been saved in /home/user/.ssh/id_[rsa|dsa].pub.
The key fingerprint is:
28:aa:29:38:ba:40:f4:11:5e:3f:d4:fa:e5:36:14:d6 user@server
$
It is advisable to create a new directory to store your generated keys. It is also possible to name the files
after the device they will be used for. For example:
$ mkdir keys
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): /home/user/keys/control_room
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/keys/control_room
Your public key has been saved in /home/user/keys/control_room.pub.
The key fingerprint is:
28:aa:29:38:ba:40:f4:11:5e:3f:d4:fa:e5:36:14:d6 user@server
$
You should ensure there is no password (passphrase) associated with the keys. If there is a password,
then the console servers will have no way to supply it at runtime.
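One way to confirm that a generated private key carries no passphrase before it is installed, shown as an added example that is not part of the original manual. The function names are hypothetical; the check relies on the OpenSSH private key header (cipher and KDF names) and on the Proc-Type header of legacy PEM files, and the sample input is constructed rather than a real key.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # start of the current OpenSSH private key format

def read_string(buf, off):
    """Read one SSH wire string (uint32 big-endian length, then the bytes)."""
    end = off + 4
    if end > len(buf):
        raise ValueError("truncated key blob")
    (n,) = struct.unpack_from(">I", buf, off)
    end += n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def key_has_passphrase(key_text):
    """Return True if the private key text is passphrase-protected."""
    lines = [ln.strip() for ln in key_text.strip().splitlines()]
    if len(lines) < 2 or not lines[0].startswith("-----BEGIN ") \
            or not lines[-1].startswith("-----END "):
        raise ValueError("not a PEM-armoured private key")
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return True  # encrypted PKCS#8
    if lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        # Legacy PEM (e.g. RSA/DSA PRIVATE KEY) flags encryption in a header
        return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln
                   for ln in lines)
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    cipher, off = read_string(blob, len(MAGIC))
    kdf, _ = read_string(blob, off)
    return not (cipher == b"none" and kdf == b"none")

def constructed_sample(cipher, kdf):
    """Constructed input: header fields of an openssh-key-v1 file only,
    not a usable key."""
    fields = (cipher, kdf, b"")  # ciphername, kdfname, kdfoptions
    body = MAGIC + b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + base64.b64encode(body).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    for cipher, kdf in ((b"none", b"none"), (b"aes256-ctr", b"bcrypt")):
        locked = key_has_passphrase(constructed_sample(cipher, kdf))
        print(cipher.decode(), "->", "passphrase set" if locked else "no passphrase")
```

To check a real key, pass the contents of the private key file (for example keys/control_room) to key_has_passphrase.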
[Figure: Server, Client #1 and Client #2. Labels: Client #1 Keys (id_dsa, id_dsa.pub); Client #2 Keys (id_rsa, id_rsa.pub); Authorized keys.]