This procedure assumes that the MPLS Topology Server host is running OpenSSH. As shown in Table 1 (OpenSSH commands and filenames for SSH1 RSA, SSH2 RSA, and SSH2 DSA), the OpenSSH key-generation commands and key-store filenames differ according to the type of protocol implementation. This procedure assumes a protocol implementation of SSH2 DSA.

Table 1. OpenSSH commands and filenames for SSH1 RSA, SSH2 RSA, and SSH2 DSA

| SSH version | Public-key algorithm | Key-generation command | Generated key files: private-key file (1) | Generated key files: public-key file | Public-key file on remote device |
|---|---|---|---|---|---|
| SSH1 | RSA | ssh-keygen -t rsa1 | identity | identity.pub | ~/.ssh/authorized_keys |
| SSH2 | RSA | ssh-keygen -t rsa | id_rsa | id_rsa.pub | ~/.ssh/authorized_keys2 |
| SSH2 | DSA | ssh-keygen -t dsa | id_dsa | id_dsa.pub | ~/.ssh/authorized_keys2 |

(1) Copied to the $HOME/.ssh directory on the host where the MPLS Topology Server is running.

To configure public-key authentication for the SSH client:

  1. Create a public/private key pair by using the OpenSSH ssh-keygen -t dsa utility.

    When prompted, enter a key-store file path and a passphrase. The ssh-keygen -t dsa utility then creates the key pair, uses the passphrase to encrypt the private key before storing it in the key-store file (for example, /home/MPLS/.ssh/id_dsa), and stores the public key in a sibling location (for example, /home/MPLS/.ssh/id_dsa.pub).

  2. Copy the public key to each of the SSH-enabled devices in the managed network.

    For example (the trailing colon makes scp copy to the remote host rather than to a local file named ServerUser@remotesystem):

    % scp ~/.ssh/id_dsa.pub ServerUser@remotesystem:
  3. Append the public key to the authorization file on each of the devices.

    Because public-key authentication is not yet configured at the devices, you would use SSH password authentication to log in to the devices to complete this step. For example:

    % ssh ServerUser@remotesystem
    ServerUser@remotesystem's password: <enter password>
    .
    .
    .
    remotesystem> cat id_dsa.pub >> ~/.ssh/authorized_keys2
    remotesystem> logout

    If the authorization file does not exist, the administrator must create it:

    remotesystem> mv id_dsa.pub ~/.ssh/authorized_keys2
    remotesystem> logout
  4. Open the SSH client configuration file and check that the following two parameters are configured as shown:

    • PubkeyAuthentication=yes
    • StrictHostKeyChecking=no
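As an added example (not part of the product documentation), a small POSIX shell helper for steps 3 and 4 above: append_pubkey appends a public key to an OpenSSH authorization file without duplicating it, creating the file and its directory with the permissions sshd expects, and check_ssh_config verifies the two client parameters; all file paths are assumed arguments, not product paths.

```shell
#!/bin/sh
# Added example, not from the product documentation: helpers for steps 3
# and 4 of the public-key authentication procedure. Paths are arguments
# (assumed), so the functions can be exercised against a scratch directory.

# append_pubkey PUBKEY_FILE AUTH_FILE
append_pubkey() {
    pubkey_file=$1
    auth_file=$2
    auth_dir=$(dirname "$auth_file")
    # With the default StrictModes, sshd ignores the authorization file
    # if it or its directory is writable by other users.
    [ -d "$auth_dir" ] || mkdir -p "$auth_dir"
    chmod 700 "$auth_dir"
    [ -f "$auth_file" ] || : > "$auth_file"
    chmod 600 "$auth_file"
    key=$(cat "$pubkey_file")
    # Exact-line match so a rerun of the procedure does not add the key twice.
    if grep -qxF -- "$key" "$auth_file"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$auth_file"
}

# get_ssh_option CONFIG_FILE KEYWORD
# Prints the first value set for KEYWORD (ssh uses the first match).
# ssh_config keywords are case-insensitive and accept both
# "Keyword value" and "Keyword=value"; comment lines are skipped.
get_ssh_option() {
    keyword=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    tr 'A-Z' 'a-z' < "$1" |
        sed -n "s/^[[:space:]]*${keyword}[[:space:]=][[:space:]=]*\([^[:space:]]*\).*/\1/p" |
        head -n 1
}

# check_ssh_config CONFIG_FILE
# Succeeds only when PubkeyAuthentication=yes and StrictHostKeyChecking=no,
# the two settings step 4 asks for.
check_ssh_config() {
    [ "$(get_ssh_option "$1" PubkeyAuthentication)" = "yes" ] &&
        [ "$(get_ssh_option "$1" StrictHostKeyChecking)" = "no" ]
}
```

Note that StrictHostKeyChecking=no makes the client accept a host key it has never seen without prompting, so the known_hosts entries for the managed devices need to be verified by some other means.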