SSH - Specific Clients - OpenSSH Unix

Generating SSH Keys

At the shell prompt type the following:

ssh-keygen -t rsa

This will start the generation of an RSA SSH key to use with MOVEit DMZ. Press Enter to accept the default location of the key. Also, press Enter to leave the passphrase blank. The dialog will look similar to the dialog below:

Generating public/private rsa key pair. 
Enter file in which to save the key (/home/sms/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/someuser/.ssh/id_rsa. 
Your public key has been saved in /home/someuser/.ssh/id_rsa.pub. 
The key fingerprint is: 
xx:2d:28:59:90:xx:20:69:xx:45:ec:77:2a:de:a5:xx sms@somehost

You will need the fingerprint information for the login credentials into MOVEit DMZ. The fingerprint looks like: xx:2d:28:59:90:xx:20:69:xx:45:ec:77:2a:de:a5:xx

ssh-keygen will create a public and private key pair for use in authentication. The private key is stored in ~/.ssh/identity (or ~/.ssh/id_rsa), whereas the public key is stored in ~/.ssh/identity.pub (or ~/.ssh/id_rsa.pub). In most SSH setups, the public key must be placed in a ~/.ssh/authorized_keys file on a remote machine, but MOVEit DMZ stores fingerprints of these public keys in its user record instead. (See the Keys section for more information.) Having a valid public/private key pair will allow connections to the SSH interface of MOVEit DMZ based upon RSA authentication instead of passwords.
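How the colon-separated fingerprint shown above is derived from the public key file, as an added example that is not part of the original MOVEit DMZ documentation: it is the MD5 digest of the base64-decoded key blob. The function names and the sample key are constructed for illustration; newer OpenSSH releases print SHA256 fingerprints by default, and `ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub` prints the MD5 form.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: uint32 length, then data."""
    return struct.pack(">I", len(data)) + data


def read_fields(blob: bytes) -> list:
    """Split a public key blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + size > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[pos:pos + size])
        pos += size
    return fields


def fingerprint(pub_line: str) -> dict:
    """Parse one line of an id_rsa.pub file: '<type> <base64> [comment]'."""
    parts = pub_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, blob = parts[0], base64.b64decode(parts[1], validate=True)
    fields = read_fields(blob)
    # The blob repeats the key type; a mismatch means a damaged or edited line.
    if not fields or fields[0] != declared.encode("ascii"):
        raise ValueError("key type in blob does not match declared type")
    digest = hashlib.md5(blob).hexdigest()  # fingerprint only, not a security use
    bits = None
    if declared == "ssh-rsa" and len(fields) == 3:  # fields: type, e, n
        bits = int.from_bytes(fields[2], "big").bit_length()
    md5 = ":".join(digest[i:i + 2] for i in range(0, 32, 2))
    return {"type": declared, "bits": bits, "md5": md5}


# Constructed sample: a structurally valid ssh-rsa blob with a made-up
# 2048-bit modulus. It is not a real key and only exercises the parser.
MODULUS = b"\x00\xc5" + bytes(range(1, 256))
BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(MODULUS)
SAMPLE_PUB = "ssh-rsa " + base64.b64encode(BLOB).decode() + " someuser@somehost"
```

Calling fingerprint() on the single line in ~/.ssh/id_rsa.pub gives the value to compare against the fingerprint stored in the MOVEit DMZ user record.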

If a file called ~/.ssh/known_hosts exists and the end user has opted to trust the public key of a MOVEit DMZ server, this file should contain the hostname and/or IP address of the MOVEit DMZ server as well as its public key. Although it is possible to edit this file by hand, it is recommended that end users instead permit their SSH clients to make the necessary changes to this file.

OpenSSH Field Tips

The following observations and workarounds come from technical support staff working with the OpenSSH client in the field.