Chapter 2. DB2 server deployment 61
Here we use Digital Signature Algorithm (DSA) as the key type. You can use
RSA instead. The corresponding command is shown in Example 2-13.
Example 2-13 Generate a public and private key pair using RSA
# cd ~/.ssh
# ssh-keygen -t rsa -f ~/.ssh/id_rsa -N ""
The option -N "" informs the command ssh-keygen to use an empty
passphrase when generating the key files. A passphrase is like a password
for the key file. Option -f specifies the file name for a key file. Example 2-14
shows the key files generated by the foregoing commands. Files with suffix
.pub are public key files. Files without any suffix are private files.
Example 2-14 Files generated by above commands
# ls -alt
total 40
drwx------ 2 root system 256 Jun 18 16:12 .
-rw------- 1 root system 1679 Jun 18 16:12 id_rsa
-rw-r--r-- 1 root system 392 Jun 18 16:12 id_rsa.pub
-rw------- 1 root system 672 Jun 18 16:11 id_dsa
-rw-r--r-- 1 root system 600 Jun 18 16:11 id_dsa.pub
drwxr-xr-x 28 root system 4096 Jun 11 10:47 ..
Ensure that the file permission of the key file is correct. By default, the private
key file can only be read and written by the root user.
3. Distribute the public key file to the remote machines where automatic login of
the root user is to be enabled. The command is:
cat ~/.ssh/id_dsa.pub | ssh root@baltic 'cat >> ~/.ssh/authorized_keys'
In this step we read the public key file and redirect its content to ssh through
a pipe. Then we use ssh to execute a command to Baltic, which is the remote
machine. And we append the content of this public key to a file named
authorized_keys. This file is located in the folder .ssh under the root user’s
home directory on a remote machine.
Example 2-15 shows the prompts we encounter when executing this remote
command. The first prompt is a warning because this is the first time we
connect to the machine Baltic. An authentication key has to be accepted. The
second prompt asks for the root user’s password to login to Baltic.
Example 2-15 Distribute the public key file to remote machine
# cat ~/.ssh/id_dsa.pub | ssh root@baltic 'cat >> ~/.ssh/authorized_keys'
The authenticity of host 'baltic (9.43.86.48)' can't be established.
RSA key fingerprint is 48:56:a4:d9:27:25:12:0f:b3:11:5a:60:52:7a:25:e0.