To generate a key pair consisting of a public and a private key, enter the following command at the CLI of the device whose LCOS SSH client you intend to use:
sshkeygen [-(?|h)] [-t (dsa|rsa|ecdsa)] [-b <Bits>]
A detailed description of the parameters in the sshkeygen command can be found in the section SSH key generation with LCOS. The device automatically creates the keys and saves them to its internal file system in the PEM format under the file name ssh_rsakey (for RSA keys), ssh_dsakey (for DSA or DSS keys) or ssh_ecdsakey (for ECDSA keys). The ID files have the following structure, which defines the use of a key for a certain LCOS administrator:
*** User <MyAdmin> <SSH-Key> *** End
Retrieving the public key
After the device has generated the key pair, you need to transfer the public part to the remote system. The public part of the key is retrieved with the following command:
show ssh idkeys
This command generates output similar to the following:
Configured Client-Side SSH Host Keys For User 'root':
ssh-rsa AAAAB3NzaC1yc2EAAAABEQAAAQEA28BtnFFInAi8I5B1aOwq5g2Y…0nkuNQ== root@
- The first part shows the key type (ssh-rsa or ssh-dss).
- The second part is the binary output of the key itself, coded as Base64.
- The third part contains the host name and is intended for entering comments.
Transferring the public key to a remote system
Assuming that the remote system is a device equipped with LCOS, you load the relevant DSA or RSA key either by using the device file management or by adding it to the list of public keys in WEBconfig directly under . To do this, copy the first and second parts and replace the third part with a list of users to limit the use of this key to a selection of LCOS administrators.
For more information about the syntax required for public keys, how to use different keys, and how to link them to different administrators, see the section Syntax and modifying public-key users.
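The following Python sketch is an added example, not part of the LCOS documentation. It splits a key line from show ssh idkeys into the three parts described above, checks that the Base64 part decodes and names the same key type as the first part, computes an OpenSSH-style SHA-256 fingerprint for comparing both ends of the transfer, and replaces the third part with a list of administrators. The function names, the constructed sample key and the space separator between user names are assumptions; the section Syntax and modifying public-key users is authoritative for the user-list syntax.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte length prefix)."""
    return struct.pack(">I", len(data)) + data


def parse_idkey_line(line: str):
    """Split a key line into (type, decoded blob, comment) and validate it."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<key type> <Base64 key> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2].strip() if len(parts) == 3 else ""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("second part is not valid Base64") from exc
    # The blob begins with its own length-prefixed algorithm name; a mismatch
    # with the first part points to a damaged or mixed-up copy.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        raise ValueError("key type does not match the type inside the blob")
    return key_type, blob, comment


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA-256 fingerprint of the decoded key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def restrict_to_admins(line: str, admins, sep: str = " ") -> str:
    """Keep parts one and two, replace part three with a user list.
    The separator is an assumption, not taken from the LCOS documentation."""
    if not admins or any(not a or any(c.isspace() for c in a) for a in admins):
        raise ValueError("administrator names must be non-empty, no whitespace")
    key_type, blob, _ = parse_idkey_line(line)
    return f"{key_type} {base64.b64encode(blob).decode()} {sep.join(admins)}"


# Constructed sample blob (exponent 17, dummy modulus); not a usable key.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x11")
               + ssh_string(b"\x00" + bytes(range(1, 33))))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " root@"
```

Comparing the fingerprint of the line pasted on the remote system with the one computed on the source device confirms that the first and second parts were copied intact.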