IBM DB2 manual Example 2-14 Files generated by above commands

Here we use Digital Signature Algorithm (DSA) as the key type. You can use RSA instead. The corresponding command is shown in Example 2-13.

Example 2-13 Generate a public and private key pair using RSA

#cd ~/.ssh

#ssh-keygen -t rsa -f ~/.ssh/id_rsa -N ""

The option -N "" informs the command ssh-keygento use an empty passphrase when generating the key files. A passphrase is like a password for the key file. Option -fspecifies the file name for a key file. Example 2-14shows the key files generated by the foregoing commands. Files with suffix

.pub are public key files. Files without any suffix are private files.

Example 2-14 Files generated by above commands

Ensure that the file permission of the key file is correct. By default, the private key file can only be read and written by the root user.

3.Distribute the public key file to the remote machines where automatic login of the root user is to be enabled. The command is:

cat ~/.ssh/id_dsa.pub ssh root@baltic 'cat >> ~/.ssh/authorized_keys'

In this step we read the public key file and redirect its content to ssh through a pipe. Then we use ssh to execute a command to Baltic, which is the remote machine. And we append the content of this public key to a file named authorized_keys. This file is located in the folder .ssh under the root user’s home directory on a remote machine.

Example 2-15shows the prompts we encounter when executing this remote command. The first prompt is a warning because this is the first time we connect to the machine Baltic. An authentication key has to be accepted. The second prompt asks for the root user’s password to login to Baltic.

Example 2-15 Distribute the public key file to remote machine

# cat ~/.ssh/id_dsa.pub ssh root@baltic 'cat >> ~/.ssh/authorized_keys' The authenticity of host 'baltic (9.43.86.48)' can't be established.

RSA key fingerprint is 48:56:a4:d9:27:25:12:0f:b3:11:5a:60:52:7a:25:e0.

Chapter 2. DB2 server deployment 61