Creating a SSH Public/Private SSH Key Pair
On a unix box:
[geoff@lightning ~] ssh-keygen -t rsa -b 1024
Generating public/private rsa key pair.
Enter file in which to save the key (/export/home/geoff/.ssh/id_rsa): /export/home/geoff/.ssh/nas_key_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/geoff/.ssh/nas_key_rsa.
Your public key has been saved in /export/home/geoff/.ssh/nas_key_rsa.pub.
7f:3d:53:f0:2a:5e:8b:2d:94:2a:55:77:66:5c:9b:14 geoff@lightning
Installing the Public Key on the Appliance
On your Solaris host, observe the public key:
[geoff@lightning ~] cat .ssh/nas_key_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAvYfK3RIaAYmMHBOvyhKM41NaSmcgUMC3ig
PN5gUKJQvSnYmjuWG6CBr1CkF5UcDji7v19jG3qAD5lAMFn+L0CxgRr8TNaAU+hA4/
tpAGkjm+dKYSyJgEdMIURweyyfUFXoerweR8AWW5xlovGKEWZTAfvJX9Zqvh8oMQ
5UJLUUc= geoff@lightning
Now, copy and paste everything after "ssh-rsa" and before "user@hostname" - in this case, geoff@lightning. That is, this bit:
AAAAB3NzaC1yc2EAAAABIwAAAIEAvYfK3RIaAYmMHBOvyhKM41NaSmcgUMC3ig
PN5gUKJQvSnYmjuWG6CBr1CkF5UcDji7v19jG3qAD5lAMFn+L0CxgRr8TNaAU+hA4/
tpAGkjm+dKYSyJgEdMIURweyyfUFXoerweR8AWW5xlovGKEWZTAfvJX9Zqvh8oMQ
5UJLUUc=
Logon to your appliance and get into the preferences -> keys area for this user (root):
[geoff@lightning ~] ssh root@fishy10.priv
Last login: Mon Dec 6 17:13:28 2010 from 192.168.0.2
fishy10:> configuration users
fishy10:configuration users> select root
fishy10:configuration users root> preferences
fishy10:configuration users root preferences> keys
fishy10:> configuration users select root preferences keys
Now, we create a new public key that will be accepted for this user and set the type to RSA:
fishy10:configuration users root preferences keys> create
fishy10:configuration users root preferences key (uncommitted)> set type=RSA
Set the key itself using the string copied previously (between ssh-rsa and user@host), and set the key ensuring you put double quotes around it (eg. set key="<key>"):
fishy10:configuration users root preferences key (uncommitted)> set key="AAAAB3NzaC1yc2EAAAABIwAAAIEAvYfK3RIaAYmMHBOvyhKM41NaSmcg
UMC3igPN5gUKJQvSnYmjuWG6CBr1CkF5UcDji7v19jG3qAD5lAMFn+L0CxgRr8TN
aAU+hA4/tpAGkjm+dKYSyJgEdMIURweyyfUFXoerweR8AWW5xlovGKEWZTAfvJX
9Zqvh8oMQ5UJLUUc="
Now set the comment for this key (do not use spaces):
fishy10:configuration users root preferences key (uncommitted)> set comment="LightningRSAKey"
fishy10:configuration users root preferences key (uncommitted)> commit
fishy10:configuration users root preferences keys> ls
NAME MODIFIED TYPE COMMENT
key-000 2010-10-25 20:56:42 RSA cycloneRSAKey
key-001 2010-12-6 17:44:53 RSA LightningRSAKey
As you can see, we now have my new key, and a previous key I have created on this appliance.
Running your Script over SSH from a Remote System
Here I have created a basic test script, and saved it as test.ecma3:
[geoff@lightning ~] cat test.ecma3
// This is a test script, By Geoff Ongley 2010.
printf("Testing script remotely over ssh\n");
Now, we can run this script remotely with our keyless login:
[geoff@lightning ~] ssh -i .ssh/nas_key_rsa root@fishy10 < test.ecma3
Pseudo-terminal will not be allocated because stdin is not a terminal.
Testing script remotely over ssh