Configuring SSH between Hosts
Check that the sshd subsystem is active:
lssrc –s sshd
Log in as the user you want to establish the SSH connection and execute:
ssh-keygen –t dsa
The output will be similar to:
Generating public/private dsa key pair.
Enter file in which to save the key (/home/root/.ssh/id_dsa):<Enter>
Enter passphrase (empty for no passphrase):<Enter>
Note: If you enter a passphrase, then sshd never starts, because it cannot
decrypt the private key upon startup, so leave empty
Enter same passphrase again:<Enter>
Your identification has been saved in /home/root/.ssh/id_dsa.
Your public key has been saved in /home/root/.ssh/id_dsa.pub.
The key fingerprint is:
56:06:7e:53:38:e6:70:43:c6:35:99:41:0e:35:6e:99
At this stage the only two files created in the user’s .ssh sub-directory are id_dsa and id_dsa.pub.
Execute the ssh-keygen command on the second host.
From the first host run:
scp <userid>@<IPadd>:<home_dir>/.ssh/id_dsa.pub authorized_keys
You will get a warning message similar to the following and be prompted for the password:
The authenticity of host '<IPaddr>' can't be established.
RSA key fingerprint is f2:f1:5d:6a:a1:c3:32:51:e7:9c:3c:44:7c:f5:c3:c0.
Are you sure you want to continue connecting (yes/no)? yes
Now append your own id_dsa.pub file to the newly created authorized_keys.
cat id_dsa.pub >> authorized_keys
Send authorized_keys containing both keys back to the second host:
scp authorized_keys <userid>@<IPadd>:<home_dir>/.ssh/authorized_keys
You will again be prompted for a password. This will create a known_hosts file on the first host containing the name of the second host (plus lots of characters). On the first host, if you run:
ssh <hostname1>
then the local host will be added to the known_hosts file to allow ssh within itself (required for some applications at installation time).
On the second host run:
ssh <hostname1>
to create its own known_hosts file (it will require a password), and repeat with ssh <hostname2>.
Test that logins can be achieved from either host without passwords.
