Server User Manual
For simplicity going forward, the term private key will be used to refer to either id_rsa or id_dsa and
public key to refer to either id_rsa.pub or id_dsa.pub.
To generate the keys using OpenBSD's OpenSSH suite, we use the ssh-keygen program:
$ ssh-keygen -t [rsa|dsa]
Generating public/private [rsa|dsa] key pair.
Enter file in which to save the key (/home/user/.ssh/id_[rsa|dsa]):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_[rsa|dsa].
Your public key has been saved in /home/user/.ssh/id_[rsa|dsa].pub.
The key fingerprint is:
28:aa:29:38:ba:40:f4:11:5e:3f:d4:fa:e5:36:14:d6 user@server
$
It is advisable to create a new directory to store your generated keys. It is also possible to name the files
after the device they will be used for. For example:
$ mkdir keys
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): /home/user/keys/control_room
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/keys/control_room
Your public key has been saved in /home/user/keys/control_room.pub.
The key fingerprint is:
28:aa:29:38:ba:40:f4:11:5e:3f:d4:fa:e5:36:14:d6 user@server
$
You should ensure there is no password associated with the keys. If there is a password, then the
console servers will have no way to supply it as runtime.
Authorized Keys:
If the console server selected to be the server will only have one client device, then the authorized_keys
file is simply a copy of the public key for that device. If one or more devices will be clients of the server,
_____________________________________________________________________
724-746-5500 | blackbox.com Page 259