SSH Key questions

Posted:
in Genius Bar edited January 2014
I'm replacing my NFS exports with SSH. I have 2 NFS exports that I serve to an AIX box on my LAN. The AIX admin hates NFS (as do I) and he wants to try SSH.



I have SSH enabled on my OS X Server, but I'm not sure how to create an SSH key so the AIX box can log in automatically to my OS X Server over SSH without being prompted for a username and password. It's important that the AIX box can log in without being prompted for credentials (the AIX box runs scripts that perform functions like copying files from my OS X Server to the AIX box, etc).



Can someone give me a brief overview on how to create SSH DSA keys on the AIX box and where to put them on my OS X Server? I assume I will need to create a local account on my OS X Server for the AIX box (and a corresponding username/password for the account). Once a local profile and home folder are created, I assume I would generate an SSH key on the AIX box and then copy it to the home folder of the AIX account on my server. Any advice would be greatly appreciated. I'm clueless as to what info is stored in the key (is it a computer name? a DNS/host name?, a user name?, an IP address? a MAC address?). The goal is to kill my existing NFS exports and let the AIX box connect to my server via SSH instead to copy over report data from my server to the AIX box (for an Oracle app to process). The AIX admin plans on using some scripted cp commands to copy the data as needed.



Side question: If my server is bound to AD, is it possible to take a local account and add it to an AD group? I was considering adding a local account to an existing AD group that had group ownership on a specific AFP share point on my OS X Server. Will my OS X Server let me put a local user into an AD directory group?



Note: My server is an OS X 10.3.9 G5 Xserve.

Comments

  • Reply 1 of 1
    1337_5l4xx0r Posts: 1,558 member
    Well, Mr. Asks Alot of Questions,



    you need to run ssh-keygen on your OS X box as the user the AIX box wants to connect as, e.g. log in as roger in OS X if we are to be copying and moving roger's files. Unless you want to connect to the AIX box there's no need to run ssh-keygen on that host as well.



    man ssh-keygen for info on keys, and BTW public AND private keys are generated by ssh-keygen.



    man ssh tells you how to easily set up ssh so login requires no password, e.g.:

    ssh roger@snarfblatt

    and:

    scp roger@snarfblatt:/some_dir/random-file.txt ./

    automatically connects you as user roger on host snarfblatt.



    man sshd will answer anything not covered by the other man pages, although I doubt you'll need this.



    from man ssh:

    Quote:

    ssh implements the RSA authentication protocol automatically. The user
    creates his/her RSA key pair by running ssh-keygen(1). This stores the
    private key in $HOME/.ssh/identity and the public key in
    $HOME/.ssh/identity.pub in the user's home directory. The user should
    then copy the identity.pub to $HOME/.ssh/authorized_keys in his/her home
    directory on the remote machine (the authorized_keys file corresponds to
    the conventional $HOME/.rhosts file, and has one key per line, though the
    lines can be very long). After this, the user can log in without giving
    the password. RSA authentication is much more secure than rhosts
    authentication.



    BTW, ssh (and scp, etc) is the shiznit. You'll love it!
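
The "copy the public key to $HOME/.ssh/authorized_keys on the remote machine" step from the quoted man ssh text, as an added shell example that is not part of the original thread. It is run on the machine being logged in to; the helper name `install_pubkey`, the `id_rsa` file name and the `ssh-keygen -t rsa` invocation in the comments are assumptions, not details from the posts.

```shell
#!/bin/sh
# Added example: install a client's public key for password-less SSH login.
# Assumption: on the connecting host the key pair was created with
#   ssh-keygen -t rsa -f "$HOME/.ssh/id_rsa"
# and only the resulting .pub file was copied over to this machine.

# install_pubkey HOME_DIR PUBKEY_FILE   (hypothetical helper name)
# Appends the key to HOME_DIR/.ssh/authorized_keys with safe permissions.
install_pubkey() {
    home_dir=$1
    pub_file=$2
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys"

    [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; return 1; }

    # Refuse a private key: it must never leave the host that generated it.
    if grep -qF -- '-----BEGIN' "$pub_file"; then
        echo "refusing: $pub_file looks like a private key" >&2
        return 2
    fi

    # A public key is one line: "<type> <base64 blob> [comment]".
    # The comment (often user@host) is a label only; it is not checked at login.
    key_line=$(head -n 1 "$pub_file")
    case $key_line in
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: unrecognised key line" >&2; return 3 ;;
    esac

    # sshd (StrictModes) rejects keys kept in group/world-writable locations.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Idempotent: add the key only if that exact line is not already present.
    grep -qxF -- "$key_line" "$auth" || printf '%s\n' "$key_line" >> "$auth"
}
```

Call it as the account that will be logged in to, for example `install_pubkey "$HOME" /tmp/id_rsa.pub`, so the files end up owned by that user.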