...
On a Linux/Unix machine:
The command to generate an ssh key file is "ssh-keygen". Used without any parameters it will usually generate an SSH2 version RSA key. Additional options are available. See "man ssh-keygen (FreeBSD version)" for more details.
On a Windows computer you will probably be using either the PuTTY or BitviseSSH client, and each has its own way to generate a public/private key pair.
Target Server
Locate the .ssh directory for the user you will use to scan the target server. (If the directory doesn't exist for that user, it will need to be created.)
If the username is iQSonar, then the hidden folder .ssh will typically be located in /home/iQSonar/.ssh on Linux/Unix hosts.
[mdoyle@hydra ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mdoyle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/mdoyle/.ssh/id_rsa.
Your public key has been saved in /home/mdoyle/.ssh/id_rsa.pub.
The key fingerprint is:
c0:bf:33:bd:f3:5a:8b:32:48:82:85:51:3e:18:6b:fa mdoyle@hydra
Note that two files are created: the public key (which is copied to the remote server) and the private key (which is stored on your computer).
Once you have your key(s), they need to be appended to the .ssh/authorized_keys file on the remote host. If this file already exists, it is important to append keys to it rather than replace it, as replacing an existing file will lock you out from other computers you have previously set up remote login from. The authorized_keys file contains one key per line!
In the worked example below, the user name is mdoyle on the Unix host we're logged in to (hydra), and mike on the host we're setting up for SSH key access (10.0.1.3).
Unix Command/output | Meaning/Comment |
---|---|
[mdoyle@hydra ~]$ ssh-keygen | Generate the key. Do not specify a passphrase to allow for use in scripts without user input. |
[mdoyle@hydra ~]$ scp .ssh/id_rsa.pub mike@10.0.1.3: | Copy the key to the remote host. You WILL be prompted for your password. |
[mdoyle@hydra ~]$ ssh mike@10.0.1.3 | Log in to the remote host, enter your password (for the last time) |
[mike@mc ~]$ cat id_rsa.pub >> .ssh/authorized_keys | Append the key to the authorized keys file |
[mdoyle@hydra ~]$ ssh mike@10.0.1.3 | Now you log in with no password prompt |
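The append step from the table above, written as a shell function to run on the target host. This is an added example, not part of the original article or the vendor's tooling; the function name install_pubkey and its arguments are assumptions. It creates .ssh if it is missing, keeps one key per line, never overwrites existing keys, and sets the restrictive file modes that sshd's StrictModes check expects.

```shell
# Added example: append a public key to authorized_keys without clobbering it.
# Usage: install_pubkey <pubkey-file> [ssh-dir]   (ssh-dir defaults to ~/.ssh)
install_pubkey() {
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    auth="$dir/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A public key file holds exactly one non-empty line; a private key
    # file (multi-line PEM-style block) fails this check and is rejected.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "$pub: expected one key line" >&2; return 1; }
    key=$(grep . "$pub")

    # The line must start with a key type as written by ssh-keygen.
    case $key in
        ssh-*|ecdsa-sha2-*|sk-*) ;;
        *) echo "$pub: not an OpenSSH public key" >&2; return 1 ;;
    esac

    # Create .ssh if missing. With StrictModes (the default) sshd checks
    # ownership and modes, so keep these paths private to the user.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Key already authorized: nothing to do, no duplicate line.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi

    # If the existing file lacks a trailing newline, add one so the new
    # key does not fuse onto the previous line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"   # append (>>), never overwrite (>)
}
```

After copying the key as in the table, `install_pubkey id_rsa.pub` on the remote host replaces the manual `cat ... >>` step.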
Existing Key
To create your "authorized_keys" file you can copy the file from your local system using the following:
...
- Set Credential Type to Unix Linux
- Select SSH Key
- Insert your Private Key (in the above example, this is the id_rsa file)
- Save and Close
Note: The SSH Key is treated like a password and can't be retrieved from the UI once saved.
...