Chapter 16: KCS Client Configuration
292 Console Server & RIM Gateway User Manual
Next you will need to set up SSH keys for each end of the tunnel and upload these keys to the Server and Client console
servers.
Client Keys:
The first step in setting up ssh tunnels is to generate keys. Ideally, you will use a separate, secure, machine to generate
and store all keys to be used on the console servers. However, if this is not ideal to your situation, keys may be
generated on the console servers themselves.
It is possible to generate only one set of keys, and reuse them for every SSH session. While this is not recommended,
each organization will need to balance the security of separate keys against the additional administration they bring.
Generated keys may be one of two types - RSA or DSA (and it is beyond the scope of this document to recommend one
over the other). RSA keys will go into the files id_rsa and id_rsa.pub. DSA keys will be stored in the files id_dsa and
id_dsa.pub.
For simplicity going forward the term private key will be used to refer to either id_rsa or id_dsa and public key to refer to
either id_rsa.pub or id_dsa.pub.
To generate the keys using OpenBSD's OpenSSH suite, we use the ssh-keygen program:
$ ssh-keygen -t [rsa|dsa]
Generating public/private [rsa|dsa] key pair.
Enter file in which to save the key (/home/user/.ssh/id_[rsa|dsa]):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_[rsa|dsa].
To Next Page
Loading...
Need help?
General
