Public key authentication can be useful for automating file transfers via ssh. This is without question far more secure than using FTP with passwords encoded in a script or in a .netrc file. The problem is that FTP sends the user/password login in clear text. This is easy to see using the snoop command or any other packet-capturing utility.

The solution is to create a pair of keys using ssh-keygen. When the keys are created, you have an opportunity to supply a passphrase. If you just press enter when prompted for the passphrase, the keys will be generated with no passphrase. This is generally not recommended; however, it does greatly simplify automatic file transfers via ssh, and it is far more secure than FTP, so in my opinion it is acceptable as long as file and directory permissions adequately protect the private key.

Here are the steps to set up public key authentication on Solaris with OpenSSH:

  • Generate the keys - "ssh-keygen -t rsa". Just press enter when prompted for a passphrase. This will result in the creation of a public key, id_rsa.pub, and a private key, id_rsa.

  • Move the private key to $HOME/.ssh. Maintain the 600 permissions.

  • Move the public key to your $HOME/.ssh directory on the remote server.

  • The SSH server on the remote host must allow public key authentication, and by default OpenSSH does. You can verify this by examining the sshd_config file on the remote server.

  • You should now be ready to test using the keys to log in to the remote server. Simply ssh to the remote server. If you are logged in without being prompted for a password, then everything worked as expected.

  • There are a couple of things you can do to troubleshoot problems with the key. First, try to log in again with verbose output enabled, "ssh -v remoteserver", and look carefully at the output. You can also run the server in debug mode on an unused port, "sshd -d -p 2022", then try to log in again and carefully examine the server output.
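The condition stated earlier, that file and directory permissions adequately protect the passphrase-less private key, can be checked before each automated transfer. The script below is an added example and not part of the original page; the function names `go_perms` and `audit_ssh_dir` are made up here, and the `authorized_keys` check assumes the remote account lists its accepted public keys in OpenSSH's default `authorized_keys` file.

```shell
#!/bin/sh
# Added example: check the permissions that protect a passphrase-less key.
# audit_ssh_dir DIR [KEYFILE] prints one FAIL line per finding and
# returns 0 when clean, 1 otherwise. Function names are hypothetical.

# Group and other permission characters from `ls -ld` (columns 5-10).
go_perms() {
    ls -ld "$1" | cut -c5-10
}

audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    key=${2:-id_rsa}
    rc=0

    if [ ! -d "$dir" ]; then
        echo "FAIL $dir is not a directory"
        return 1
    fi

    # The directory holding the key should be private to its owner (700).
    if [ "$(go_perms "$dir")" != "------" ]; then
        echo "FAIL $dir is open to group/other; fix: chmod 700 $dir"
        rc=1
    fi

    # Private key: the ssh client ignores it if group or other has any access.
    if [ -f "$dir/$key" ] && [ "$(go_perms "$dir/$key")" != "------" ]; then
        echo "FAIL $dir/$key is open to group/other; fix: chmod 600 $dir/$key"
        rc=1
    fi

    # Remote side (assumption: public keys are listed in authorized_keys):
    # with StrictModes on, sshd rejects the file if group/other can write it.
    if [ -f "$dir/authorized_keys" ]; then
        case $(go_perms "$dir/authorized_keys") in
            ?w????|????w?)
                echo "FAIL $dir/authorized_keys is writable by group/other; fix: chmod 600 $dir/authorized_keys"
                rc=1 ;;
        esac
    fi

    return $rc
}

# Typical use at the top of a scheduled transfer script:
#   audit_ssh_dir "$HOME/.ssh" id_rsa || exit 1
```

Run it on both ends: on the client it covers the private key, and on the remote server it covers the file sshd consults for the public key.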

Here are examples of the private/public keys:

Public Key:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAovvV2shiTB4SQZauPz1BkesDu8v/ SGBLrFebyH+iG+YgarQ1tMHjisDqfknNIBR//7mRRPUzFyjWYrhNaufjHa9q7oJ/ dXH5BXaNP547QrVOkrfw3NEqL/6g/pwQIKCFiDe9QqCuweLBaknzyss9QLLsBbmL Vz1GluGx8XlO4kU= vic@skylab

Note - The public key will have no line breaks.

Private Key:


-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----



