Skip to main content

Generate a public/private key pair

This scenario is suitable when creating a key pair from a self-signed certificate not certified by a CA signing authority.

  1. Use sshkeygen to create an encrypted public/private key file:

    sshkeygen -p mypass > user_ppk.kvg

    The resulting user_ppk.kvg file contains details such as the key type, encryption status, and creation timestamp.

  2. Add the public key to the user's authorized_keys file; for exampe:

    cat ~/.ssh/authorized_keys

    After logging in the user, append "KeyType" [space] "PublickKey" into ~/.ssh/authorized_keys. It should look like:

    rsa AAAAB3NzaC1yc2EAVAABJQAAAIEAqJQh1F6dyZcrUNWmvRtcuItLXsTDZqBjuw9vRMS2/9oalMEiKSu1T/ZlHdoQSxRDL8Utz+n5s08Xx/oYp/BbP\
    te6vnbo0muL94aw0rf//jyWLsztVsXsiH+GbNXARt2H/v/ZYH0Bt1US3bXt5C2mV/I30nplDbdhEm1n6HtDSNU=
  3. Configure agtssh to use the public/private key for authentication. Change the target address line to add the authkey option to user_ppk.kvg and copy the file into the script folder.

    For public key authentication, the adminid is used to decrypt the authentication key file and systempw isused to authenticate for sudo (if sudo is set in privileged escalation mode).