This procedure assumes that the MPLS Topology Server host is running OpenSSH. As shown in OpenSSH commands and filenames for SSH1 RSA, SSH2 RSA, and SSH2 DSA, the OpenSSH key-generation commands and key-store filenames differ according to the type of protocol implementation. This procedure assumes a protocol implementation of SSH2 DSA.

Table 1. OpenSSH commands and filenames for SSH1 RSA, SSH2 RSA, and SSH2 DSA

SSH version

Public-key algorithm

Key-generation command

Generated key files

Public-key file on remote device

Private-key file 1

Public-key file

1**Copied to $HOME/.ssh directory on host where the MPLS Topology Server is running.



ssh-keygen-t rsa1





ssh-keygen-t rsa




ssh-keygen-t dsa



To configure public-key authentication for the SSH client:

  1. Create a public/private key pair by using the OpenSSH ssh-keygen-t dsa utility.

    When prompted, enter a key-store file path and a passphrase. The OpenSSH ssh-keygen-t dsa utility then creates the key pair, uses the passphrase to encrypt the private key before storing the private key in the key-store file (for example, in the /home/MPLS/.ssh/id_dsa file), and stores the public key in a sibling location (for example, in the /home/MPLS/.ssh/ file).

  2. Copy the public key to each of the SSH-enabled devices in the managed network.

    For example:

    % scp ~/.ssh/ ServerUser@remotesystem
  3. Append the public key to the authorization file on each of the devices.

    Because public-key authentication is not yet configured at the devices, you would use SSH password authentication to log in to the devices to complete this step. For example:

    % ssh ServerUser@remotesystem
    ServerUser@remotesystem's password: <enter password>
    remotesystem> cat >> ~/.ssh/authorized_keys2
    remotesystem> logout
    If the authorization file does not exist, the administrator must create it:
    remotesystem> mv ~/.ssh/authorized_keys2
    remotesystem> logout
  4. Open the SSH client configuration file and check that the following two parameters are configured as shown:

    • PubkeyAuthentication=yes

      • StrictHostKeyChecking=no