Here we use Digital Signature Algorithm (DSA) as the key type. You can use RSA instead. The corresponding command is shown in Example 2-13.

Example 2-13 Generate a public and private key pair using RSA

#cd ~/.ssh

#ssh-keygen -t rsa -f ~/.ssh/id_rsa -N ""

The option -N "" informs the command ssh-keygento use an empty passphrase when generating the key files. A passphrase is like a password for the key file. Option -fspecifies the file name for a key file. Example 2-14shows the key files generated by the foregoing commands. Files with suffix

.pub are public key files. Files without any suffix are private files.

Example 2-14 Files generated by above commands

# ls -alt

 

 

 

 

 

 

 

total 40

 

 

 

 

 

 

 

drwx------

2

root

system

256

Jun

18

16:12 .

-rw-------

1

root

system

1679

Jun

18

16:12 id_rsa

-rw-r--r--

1

root

system

392

Jun

18

16:12 id_rsa.pub

-rw-------

1

root

system

672

Jun

18

16:11 id_dsa

-rw-r--r--

1

root

system

600

Jun

18

16:11 id_dsa.pub

drwxr-xr-x

28

root

system

4096

Jun

11

10:47 ..

 

 

 

 

 

 

 

 

Ensure that the file permission of the key file is correct. By default, the private key file can only be read and written by the root user.

3.Distribute the public key file to the remote machines where automatic login of the root user is to be enabled. The command is:

cat ~/.ssh/id_dsa.pub ssh root@baltic 'cat >> ~/.ssh/authorized_keys'

In this step we read the public key file and redirect its content to ssh through a pipe. Then we use ssh to execute a command to Baltic, which is the remote machine. And we append the content of this public key to a file named authorized_keys. This file is located in the folder .ssh under the root user’s home directory on a remote machine.

Example 2-15shows the prompts we encounter when executing this remote command. The first prompt is a warning because this is the first time we connect to the machine Baltic. An authentication key has to be accepted. The second prompt asks for the root user’s password to login to Baltic.

Example 2-15 Distribute the public key file to remote machine

# cat ~/.ssh/id_dsa.pub ssh root@baltic 'cat >> ~/.ssh/authorized_keys' The authenticity of host 'baltic (9.43.86.48)' can't be established.

RSA key fingerprint is 48:56:a4:d9:27:25:12:0f:b3:11:5a:60:52:7a:25:e0.

Chapter 2. DB2 server deployment 61

Page 75
Image 75
IBM DB2 manual Example 2-14 Files generated by above commands