Setting SSH Public Key Authentication
This section uses an example to describe how to set up an SSH key pair. In the example, the user qadeatest is a user on the QAD EA server qadealinux, and the user demo is the user on the Tomcat server tomcatlinux who started Tomcat. The user qadeatest creates the public/private key pair for the SSH connection between qadealinux and tomcatlinux so that the user demo can SSH to the QAD EA server using the private key. In this way, the QXI UIAPI connection pool can get an idle connection to QAD EA. Follow these instructions:
1 Use the user name qadeatest to log in to the QAD EA server.
2 If there is not an .ssh directory in /home/qadeatest, run the following commands to create a directory and set the correct permissions.
mkdir ~/.ssh
chmod 700 ~/.ssh
3 In the directory /home/qadeatest/.ssh, create the public and private key pair using the command:
ssh-keygen -t rsa
4 When prompted as follows, specify the file in which to store the generated keys:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/qadeatest/.ssh/id_rsa):
Ensure that you follow the naming convention id_rsa. Enter /home/qadeatest/.ssh/qadeatest_rsa.
5 Set a password for the keys when prompted and repeat the password to confirm.
Leave it empty if you do not want to set a password. The password protects your private key. It is recommended that you set a password for the key.
The keys have been generated when the following messages appear:
Your identification has been saved in qadeatest_rsa.
Your public key has been saved in qadeatest_rsa.pub.
The key fingerprint is:
6 Append the public key to authorized_keys2 in the directory /home/qadeatest/.ssh.
If the authorized_keys2 file does not exist in the directory /home/qadeatest/.ssh, copy the public key qadeatest_rsa.pub to authorized_keys2.
7 Copy the private key to the Tomcat server.
a Log in to the Tomcat server as demo.
b If there is no .ssh directory in /home/demo/, create one using the following command and set the correct permissions:
mkdir .ssh
chmod 700 .ssh
c Copy the private key qadeatest_rsa from the QADEA server. Run the following command:
d When prompted, enter yes to confirm the connection and enter the password for [email protected].
8 Verify whether the SSH connection is established.
a On the Tomcat server, run the following command to SSH to the QAD EA server:
b When prompted, enter the password for the key qadeatest_rsa.
If you are prompted for the password of [email protected] rather than the password for the private key qadeatest_rsa, the SSH connection is not established. In this case, add the -v option to the ssh command for debugging.
c If the SSH connection is established, the user demo is logged in to qadealinux as qadeatest. Check it using the command $ id.
Note: Anyone who has the private key and the password for the key can access the target host server. Ensure that you safely store the private key.
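The following script is an added example, not part of the original procedure or of QAD's own tooling. It audits the .ssh directory produced by steps 2 through 7 for the permission and key-placement mistakes that cause sshd or the ssh client to reject the key. The function names mode_of and audit_ssh_dir and the script name audit.sh are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): audit the .ssh directory
# built in the steps above. Prints one line per finding.
# Returns 0 when clean, 1 when anything was found.

# Octal permission bits of a path (GNU stat, then BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_ssh_dir <ssh_dir> <private_key_name>
audit_ssh_dir() {
    dir=$1; key=$2; ak="$dir/authorized_keys2"; rc=0

    # Steps 2 and 7b: the directory is expected to be mode 700.
    if [ "$(mode_of "$dir")" != "700" ]; then
        echo "FINDING: $dir is not mode 700"; rc=1
    fi

    # The ssh client rejects a private key that group or others can access.
    if [ -f "$dir/$key" ]; then
        m=$(mode_of "$dir/$key")
        if [ $(( 0$m & 077 )) -ne 0 ]; then
            echo "FINDING: $dir/$key has mode $m, expected 600"; rc=1
        fi
    fi

    if [ -f "$ak" ]; then
        # sshd StrictModes ignores a key file writable by group or others.
        m=$(mode_of "$ak")
        if [ $(( 0$m & 022 )) -ne 0 ]; then
            echo "FINDING: $ak has mode $m, writable by group or others"; rc=1
        fi
        # Step 6: only public keys belong here, never the private key.
        if grep -q 'PRIVATE KEY-----' "$ak"; then
            echo "FINDING: $ak contains private key material"; rc=1
        fi
        # The public half of the pair must appear as a full line.
        if [ -f "$dir/$key.pub" ] && ! grep -qxFf "$dir/$key.pub" "$ak"; then
            echo "FINDING: $key.pub is not listed in $ak"; rc=1
        fi
    fi
    return $rc
}

# Example: sh audit.sh /home/qadeatest/.ssh qadeatest_rsa
if [ "$#" -eq 2 ]; then audit_ssh_dir "$1" "$2"; fi
```

Run it against /home/qadeatest/.ssh on qadealinux and against /home/demo/.ssh on tomcatlinux. Empty output means the directory passed every check.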