Generating a public-private key pair for password-less authentication


Secure shell (SSH) is often used to log on from one system to another without requiring passwords.

One method of password-less authentication is to generate a personal public-private key pair. Such a pair consists of two keys: a public key known to everyone and a private (secret) key known only to the recipient of the message. For example, when John wants to send a secure message to Jack, he uses Jack's public key to encrypt the message. Jack then uses his private key to decrypt it.

An important element of the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Moreover, it is virtually impossible to deduce the private key if you know the public key.

Generating a public-private key pair

  1. Using an SSH client such as PuTTY, connect to the computer on which the grid is installed.
  2. Type ssh-keygen -t rsa -b 1024.
  3. Accept ~/.ssh/id_rsa, the default file in which to save the private key.
  4. Press Enter to leave the passphrase empty.

    Leaving the passphrase empty prompts you for the passphrase whenever you attempt to log on to computers that are configured with your public key.

Using a key pair generated on one computer to connect to a different remote target

  1. On the computer on which the key pair is generated, type cd ~/.ssh.
  2. Type cat id_rsa.pub to list the public key file.

    Warning

    Do not list the file saved at ~/.ssh/id_rsa because it is your private key that should be kept securely.

  3. Copy the contents of the id_rsa.pub file.
  4. Type ssh <userName>@<computerName> or ssh <userName>@<IPAddress>.
    <computerName> or <IPAddress> specifies the host name or IP address of the remote target on which to start a secure session.
  5. Specify the password.
  6. (Optional) If .ssh is not present, type mkdir .ssh.
  7. Type cd .ssh.
  8. Type vi authorized_keys. On some earlier versions of UNIX, you might need to edit authorized_keys2.
  9. Type i to switch to the Insert mode, and then paste the public key copied in step 3.
  10. Save the authorized_keys file.
  11. Type exit to return to the computer on which the key pair is generated.

To verify the preceding procedure, type ssh <userName>@<computerName> or ssh <userName>@<IPAddress>. You should not be prompted for the password.

Tip

On a Windows computer, generate the public-private key pair using a key-generation tool or generate and use the key pair on the same target computer as documented in the following procedure.

Using a key pair on the same remote target on which it is generated

  1. On the remote target on which the key pair is generated, type cd ~/.ssh.
  2. Type cat id_rsa.pub to list the public key file.

    Warning

    Do not list the file saved at ~/.ssh/id_rsa because it is your private key that should be kept securely.

  3. Copy the contents of the id_rsa.pub file.
  4. Type vi authorized_keys. On some earlier versions of UNIX, you might need to edit authorized_keys2.
  5. Type i to switch to the Insert mode, and then paste the public key copied in step 3.
  6. Save the authorized_keys file.
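
The manual vi paste in both procedures above can be replaced by a small shell function, shown here as an added example that is not part of the original documentation; the name install_pubkey and its arguments are hypothetical. It refuses a private key file, skips a key that is already listed, and sets the 700/600 permissions that sshd's default StrictModes check expects.

```shell
# install_pubkey PUBKEY_FILE [HOME_DIR]   (hypothetical helper, not from the page)
# Run on the target whose authorized_keys should trust the key, for example:
#   install_pubkey /tmp/id_rsa.pub
# Returns 0 when the key is installed or already present, 1 on bad input.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse a private key (id_rsa passed by mistake instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi

    # A public key is one line: "<type> <base64> [comment]".
    key=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: not an OpenSSH public key line" >&2; return 1 ;;
    esac

    # With StrictModes (the sshd default), authorized_keys is ignored when the
    # file or its directory is writable by group or others.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only when the exact line is not already present.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}
```
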

To use the private key at the adapter request or configuration level, open the id_rsa file, copy its contents, and then use this private key.

 
