Creating OpenSSH RSA or DSA Keys

How Do I Create OpenSSH RSA or DSA Public & Private Keys?


Note: The keys that you generate with Linux can be used with any Lantronix server that supports SSH. The XPort-AR is used as an example. See the documentation for your Lantronix server for specific information on importing SSH keys.


The easiest way to create OpenSSH RSA or DSA public & private keys is to use Linux. The command used is:

$ ssh-keygen -t [dsa|rsa]

The example in this FAQ creates DSA keys, since this is the most secure of the two types.

Log in to your Linux system as the user you are going to use when connecting by SSH to the Lantronix server. Then issue the ssh-keygen -t dsa command from a terminal session.


Here is what you will see:

From a terminal session type:

$ ssh-keygen -t dsa

generating public/private dsa key pair

Enter the directory in which to save the key (/home/yourdirectory/.ssh/id_dsa): (Press Enter)

Created directory '/home/yourdirectory/.ssh'.

Enter passphrase (empty for no passphrase): (Enter your passphrase. This can be a line from a song or poem, but at least 16 characters long.)

Enter same passphrase again: (Enter your passphrase again)

Your identification has been saved in /home/yourdirectory/.ssh/id_dsa.

Your public key has been saved in /home/yourdirectory/.ssh/id_dsa.pub.

The key fingerprint is:

09:13:b5:42:e9:37:94:6b:c6:90:75:04:82 yourname@yourdomain



To view the files that are created:

From a terminal session type:

$ ls /home/yourdirectory/.ssh
id_dsa id_dsa.pub

The first file, id_dsa, is your private key. This key is only for the Lantronix server(s) you want SSH access to.

The second file, id_dsa.pub, is your public key. Distribute this file to all hosts you want to allow SSH access to the Lantronix server(s). You also need to create a new file called authorized_keys, containing the public key, in the /home/yourdirectory/.ssh folder.

You can create the file, authorized_keys, in this folder simply by typing from a terminal session:

[/home/yourdirectory/.ssh]# cat id_dsa.pub >> authorized_keys
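
The append step above, as an added shell example (not part of the original FAQ): it adds a key only once and sets owner-only permissions, because OpenSSH's sshd, with its default StrictModes setting, refuses keys from an authorized_keys file that other users can write to. The function name install_pubkey and the sample key are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original FAQ.
# install_pubkey SSH_DIR PUBKEY_FILE
# Adds the key in PUBKEY_FILE to SSH_DIR/authorized_keys once, with owner-only
# permissions. Returns 1 if PUBKEY_FILE is not a one-line RSA/DSA public key.
install_pubkey() {
    ssh_dir=$1
    pub=$2
    auth="$ssh_dir/authorized_keys"

    # A public key file is a single line: "<type> <base64 blob> [comment]".
    # A private key selected by mistake has several lines and is refused.
    [ -r "$pub" ] || return 1
    [ "$(wc -l < "$pub")" -le 1 ] || return 1
    read -r ktype blob comment < "$pub" || [ -n "$ktype" ] || return 1
    case $ktype in
        ssh-dss|ssh-rsa) ;;          # the two types this FAQ covers
        *) return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;
    esac

    # Owner-only directory and file.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Compare type and blob only, so a changed comment does not add a duplicate.
    if ! awk -v t="$ktype" -v b="$blob" \
            '$1 == t && $2 == b { found = 1 } END { exit !found }' "$auth"; then
        printf '%s\n' "$ktype $blob${comment:+ $comment}" >> "$auth"
    fi
}

# Demo in a scratch directory with a constructed placeholder key (not a usable
# key); nothing under $HOME is touched.
demo=$(mktemp -d)
printf 'ssh-dss AAAAB3NzaC1kc3MAAACBconstructed yourname@yourdomain\n' > "$demo/id_dsa.pub"
install_pubkey "$demo/.ssh" "$demo/id_dsa.pub"   # first run appends the key
install_pubkey "$demo/.ssh" "$demo/id_dsa.pub"   # second run changes nothing
ls -l "$demo/.ssh" && cat "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```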



Example:

Use the XPort AR Web Manager to import the keys. To do this:

  1. Open the Web Manager in a web browser on your Linux machine by typing the IP address of the XPort AR in the address bar of the browser. Enter "admin" for the user name and "PASS" (default) for the password.
  2. Highlight SSH, then click Server Host Keys.
  3. In the field, Private Key: /home/yourdirectory/.ssh/id_dsa
  4. In the field, Public Key: /home/yourdirectory/.ssh/id_dsa.pub
  5. Select, Key Type: DSA
  6. Then click Submit
  7. Next, highlight SSH, then click Server Auth Users
  8. Add a Username/Password
  9. In the field, Public DSA Key: /home/yourdirectory/.ssh/id_dsa.pub
  10. Click Add/Edit


To test using an SSH connection, open a terminal session on your Linux machine. You will see the following when you enter this command:

$ ssh -l [username] [ip address of XPort AR]

The authenticity of host 'xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)' can't be established.
DSA key fingerprint is 09:13:b5:42:e9:37:94:6b:c6:90:75:04:82.
Are you sure you want to continue (yes/no)? yes

Warning; permanently added 'xxx.xxx.xxx.xxx' (DSA) to the list of known hosts.

username@xxx.xxx.xxx.xxx's password: (Enter password)

> (this is the login prompt for the Xport AR)


To test using SSH from a Windows machine it is recommended to use PuTTY or another client that offers SSH.

  1. Open PuTTY
  2. Enter the IP address of the XPort AR in the Host Name (or IP address) field and select the SSH button below.
  3. Under Connection, highlight Data and enter the username you created on the XPort AR in the Auto-login username field
  4. Highlight SSH and choose the SSH2 button
  5. Highlight Auth and browse to where you have the id_dsa key file
  6. Click Open
  7. Enter your user password, then press Enter
  8. > will be displayed. This is the login prompt for the XPort AR

The first time you do this with Windows it will ask you to permanently add the key to the list of known hosts. Say YES.




[Originally Published On: 11/16/2005 04:56 AM]