About this task
Public key authentication (SSH Key) is a more secure alternative to password authentication
that allows users to avoid entering or storing a password, or sending it over the
network. Public key authentication uses the client computer to generate the
key-pair (a public key and a private key). The public key is then provided to the
remote computer's administrator to be installed on that machine.
Procedure
-
Create a .ssh directory in your home directory if it does not already exist (the first form is for a macOS home directory, the second for a Linux home directory):
$ mkdir /Users/username/.ssh
$ mkdir /home/username/.ssh
Go to the .ssh folder:
$ cd /Users/username/.ssh
$ cd /home/username/.ssh
-
Run ssh-keygen to generate an SSH key-pair.
Run the following command in the .ssh folder to create a key pair. For key_type, specify either RSA (rsa) or ECDSA (ecdsa). At the prompt for the key-pair's filename, press ENTER to use the default name id_rsa or id_ecdsa, or enter a different name, such as your username. For a passphrase, either enter a password, or press return twice to leave it blank:
$ ssh-keygen -t key_type
Note: When you run ascp in FIPS mode (<fips_enabled> is set to true in aspera.conf), and you use passphrase-protected SSH keys, you must either (1) use keys generated by running ssh-keygen in a FIPS-enabled system, or (2) convert existing keys to a FIPS-compatible format using a command such as the following:
$ openssl pkcs8 -topk8 -v2 aes128 -in id_rsa -out new-id_rsa
-
Retrieve the public key file.
The key-pair is generated to your home directory's .ssh folder. For example, assuming you generated the key with the default name id_rsa:
/Users/username/.ssh/id_rsa.pub
/home/username/.ssh/id_rsa.pub
Provide the public key file (for example, id_rsa.pub) to your server administrator so that it can be set up for your server connection.
-
Start a transfer using public key authentication with the ascp command.
To transfer files using public key authentication on the command line, use the option -i private_key_file. For example:
$ ascp -T -l 10M -m 1M -i ~/.ssh/id_rsa myfile.txt jane@10.0.0.2:/space
In this example, you are connecting to the server (10.0.0.2, directory /space) with the user account jane and the private key ~/.ssh/id_rsa.
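The following pre-flight check is an added example, not part of the original documentation or of the Aspera tooling. Before a key is passed to ascp -i, it verifies that the .ssh directory and private key are closed to group and others, that the matching .pub file exists, and which container format the key uses. The function names are hypothetical, and the script assumes that the FIPS-compatible format mentioned in the note is the PKCS#8 container written by openssl pkcs8 -topk8.

```shell
#!/bin/sh
# Added example; key_format, owner_only and check_key are hypothetical helper
# names, not part of ascp, OpenSSH or OpenSSL.

# Print the container format of a private key, judged by its PEM header.
key_format() {
    case "$(sed -n '1p' "$1")" in
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8-encrypted ;;
        "-----BEGIN PRIVATE KEY-----")           echo pkcs8-plain ;;
        # OpenSSH's own container: the header does not show if a passphrase is set.
        "-----BEGIN OPENSSH PRIVATE KEY-----")   echo openssh ;;
        "-----BEGIN RSA PRIVATE KEY-----"|"-----BEGIN EC PRIVATE KEY-----")
            # Traditional PEM marks passphrase protection in a Proc-Type header.
            if sed -n '2,3p' "$1" | grep -q '^Proc-Type: 4,ENCRYPTED'; then
                echo traditional-encrypted
            else
                echo traditional-plain
            fi ;;
        *) echo unknown ;;
    esac
}

# Succeed only if group and others have no permission bits on the path.
owner_only() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Check one private key file; return 0 when nothing needs attention.
check_key() {
    key=$1
    rc=0
    dir=$(dirname "$key")
    owner_only "$dir" || { echo "WARN: $dir is open to group/others (chmod 700)"; rc=1; }
    owner_only "$key" || { echo "WARN: $key is open to group/others (chmod 600)"; rc=1; }
    [ -f "$key.pub" ] || { echo "WARN: $key.pub not found"; rc=1; }
    fmt=$(key_format "$key")
    echo "INFO: $key format: $fmt"
    if [ "$fmt" = traditional-encrypted ]; then
        # Assumption: PKCS#8 is the FIPS-compatible format the note means.
        echo "NOTE: for ascp in FIPS mode, convert with openssl pkcs8 -topk8"
    fi
    return "$rc"
}

# Run against a key path given on the command line, e.g. ~/.ssh/id_rsa.
if [ "$#" -gt 0 ]; then check_key "$1"; fi
```

Save the script under any name and run it with the private key path as its only argument; a non-zero exit status means at least one WARN line was printed.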