SSH key installation
3 versions of ssh: interoperability is good, but poorly documented
ssh-keyinstall utility automates the creation and installation
- “ssh-keyinstall -s SshServerName” creates keys, if needed, and installs them on the remote server
- Need password during key install only
The three major flavors of SSH are: Commercial SSH1 (which supports the SSH1 protocol), Commercial SSH2 (which supports the SSH2 protocol) and OpenSSH (which can talk both protocols). OK, that’s not too bad. Here’s the problem: All three applications store the private and public keys in different files, in different directories, and in different formats. When the public key is copied to the server, it may need to go in a few different files, occasionally requiring editing more than one file on the server.
In short, if the client and server in question can at least talk the same protocol, there’s a way to set up a keypair so that you can get from the client to the server. After I learned how it was done (read on), I wrote a tool that automates the process of creating the keys and installing them on the remote machine. ssh-keyinstall is a free (GPL’d) script that creates the keys and installs them on as many servers as you’d like. You’ll need a valid password on the remote machine only long enough to run the script; after it’s done you can use keys from that point on.
See chapter 6 of “SSH, The Secure Shell: The Definitive Guide” for the gory details (it happens to be online at http://www.oreilly.com; this generous act by O’Reilly prompted me to buy the entire book).
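To make the format difference concrete, here is an added example (not part of ssh-keyinstall or of the original slides) that converts a public key between the one-line OpenSSH form and the multi-line form used by commercial SSH2, the format later documented in RFC 4716, and rejects a key whose declared type does not match its blob. The function names and the sample key are constructed for illustration; the input is assumed to be a plain `.pub` line with no options prefix.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def ssh_string(data: bytes) -> bytes:
    """Encode a length-prefixed string as used inside SSH key blobs."""
    return struct.pack(">I", len(data)) + data

def blob_key_type(blob: bytes) -> str:
    """Read the algorithm name stored as the first string of a key blob."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("malformed key blob")
    return blob[4:4 + n].decode("ascii")

def openssh_to_rfc4716(pub_line: str) -> str:
    """Convert one OpenSSH .pub line to the multi-line SSH2 file format."""
    fields = pub_line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    comment = fields[2] if len(fields) > 2 else ""
    if blob_key_type(base64.b64decode(b64, validate=True)) != key_type:
        raise ValueError("declared key type does not match key blob")
    # Header lines are limited to 72 bytes; a longer comment is dropped here.
    header = [f'Comment: "{comment}"'] if 0 < len(comment) <= 60 else []
    body = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join([BEGIN, *header, *body, END]) + "\n"

def rfc4716_to_openssh(text: str) -> str:
    """Convert an SSH2-format public key file to an OpenSSH '<type> <base64>' line."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SSH2 public key markers")
    body, in_header = [], False
    for ln in lines[1:-1]:
        if in_header or ":" in ln:          # header, or continuation of one
            in_header = ln.endswith("\\")
            continue
        body.append(ln)
    b64 = "".join(body)
    return f"{blob_key_type(base64.b64decode(b64, validate=True))} {b64}"

# Constructed sample: well-formed ssh-rsa blob with a made-up modulus, not a usable key.
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + bytes(range(1, 129)))
SAMPLE_PUB = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " user@client"
```

The type check matters when installing keys by script: a line whose label and blob disagree should be rejected before it is appended to any authorization file on the server.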