Solaris: Create SSH Keys for Quick Server Logins

To make access to both servers easier, I have created keys for SSH so that I can shell server to server with no password. Following the steps in this Tech-Recipe will make it possible for you to log in painlessly from one system to another.


To create and distribute the SSH key, follow these steps:

# cd ~/.ssh

(If it does not exist, create it under LDAP's home directory, which according to the document is /var/Sun/mps.)

# ssh-keygen -t rsa -N ""

Accept all defaults. This will create two files in the ~/.ssh directory: id_rsa and id_rsa.pub. The text file id_rsa.pub has the public key in it; this is the key you share with the other server.

# cat id_rsa.pub

Then highlight all of the text and copy it to the clipboard.

# ssh ldap@ldapserver2
cd ~/.ssh
vi authorized_keys

Hit i to put vi in insert mode, and then paste the key into the file. Press ESC, type :wq, and press Enter to write and quit vi. The result should be something like this:

(This should be one contiguous line. I put line breaks to fit within the document.)
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAmhhdjseAbeHL2gHtPH3MAiD
k+3Gmcw+0SOozqVFqydhk8xDMh/l9h53QhbkkRsarxEoHZCZ3bc9qISZPJib
9q7uvSRXdgVRM6sMQRWzCqMRwJMz90QL/AejhAiaALGP+aQnp8A2UAzn3
aU9X2YPT+9Y/yKxK45dPR9qJ0YLwFzQr5ltldCYw707yTd/3r8LiBlPh7Q1Pla
XV6ospU9thrAZxhT7EJOQ+Pbrw0AaEXeRNPATzcevF7JWuRANj2DMMP7uQ
swxSkolyLregDCPIP7vVwP2bbktrtg37tdyC1dBrAup2R0hpB+HOlOmHGUyM
q+qzyCp5vujB4V/nyvq9Yw== [email protected]

Now, do the same thing again, but in reverse server order. You are going from ldapserver2 to ldapserver1 and entering the RSA public key into ldapserver1's ~/.ssh/authorized_keys.
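
Pasting the key through vi can silently wrap it across several lines, and sshd with StrictModes enabled ignores an authorized_keys file whose permissions are too open. The following is an added example, not part of the original recipe: a POSIX shell function that appends a public key without an editor. The names install_pubkey and valid_pubkey and their arguments are hypothetical.

```shell
#!/bin/sh
# Added example: append one public key to authorized_keys without an editor.
# install_pubkey / valid_pubkey are hypothetical helpers, not Solaris tools.

# valid_pubkey FILE: succeed only if FILE holds exactly one line of the form
# "<key-type> <base64-blob> [comment]". A key that was wrapped while being
# pasted shows up as several lines and is rejected.
valid_pubkey() {
    awk '
        $1 ~ "^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$" &&
        $2 ~ "^[A-Za-z0-9+/]+=*$" { ok++ }
        END { exit !(NR == 1 && ok == 1) }
    ' "$1"
}

# install_pubkey PUBKEY_FILE SSH_DIR
# Returns 0 if the key is installed (or already there), 1 if it is malformed.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    auth_file=$ssh_dir/authorized_keys

    valid_pubkey "$pubkey_file" || {
        echo "rejected: $pubkey_file is not a single-line public key" >&2
        return 1
    }

    # With StrictModes on, sshd refuses keys kept in a directory or file
    # that is writable by group or others, so set the modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append only if this exact line is not present yet, so reruns are harmless.
    if ! grep -F -x -q -f "$pubkey_file" "$auth_file"; then
        # awk re-emits the line with a trailing newline even if the file lacks one
        awk '{ print }' "$pubkey_file" >> "$auth_file"
    fi
}
```

Copy id_rsa.pub to the other server (for example with scp), then run `install_pubkey id_rsa.pub ~/.ssh` there.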

If this does not work so that you can SSH to and fro on ldapserver1 and ldapserver2, do not despair. You will have to make alterations to your /etc/sshd_config file, which is unfortunately beyond the scope of this document.

The Conversation

  • welerson

    configuring ssh key

  • Anonymous

    If I want to use keys exclusively, what is the most secure thing to do with my passwd expiration that will not exclude cron, sftp capability?