
Metawerx Support - How to Generate an SSH Key Pair

Introduction

This topic demonstrates the steps involved in generating a public/private key pair for SSH.

A key pair is required to access certain functionality, such as:

  • resetting a dedicated Java VM (JBoss, Tomcat, Geronimo)
  • obtaining a permanent external database connection (see the Remote Connection pages on the Support Topics page)
  • obtaining an RSync connection to synchronize files from your office to a metawerx server
  • tailing a log file, to watch log output live

In these cases, you will be asked by support to generate a key pair and should follow these instructions.

The public key is installed on our server, and you will use your private key to connect to the server to execute the special functionality, using an SSH forced command.
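How a forced command ties a public key to a single action on the server side, as an added illustration (not Metawerx's actual configuration). The function name forced_entry and the command path in the usage comment are hypothetical; the restrict and command= options are standard OpenSSH authorized_keys options.

```shell
#!/bin/sh
# Added example: build an authorized_keys line that pins a key to one command.
# forced_entry PUBKEY_FILE COMMAND prints the line; nothing is installed.
forced_entry() {
    pubfile=$1
    forced=$2
    nl='
'
    # A double quote or newline would end the command="..." option early.
    case $forced in
        ''|*'"'*|*"$nl"*) echo "unsafe forced command" >&2; return 1 ;;
    esac

    # A public key file is one line: "type base64 [comment]".
    ktype='' blob='' comment=''
    read -r ktype blob comment < "$pubfile" || true

    # The first field must be a key type. This rejects a submitted file
    # that already carries its own options in front of the key.
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        *) echo "not a bare public key: $pubfile" >&2; return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "bad key data: $pubfile" >&2; return 1 ;;
    esac

    # "restrict" disables forwarding, PTY allocation and similar features;
    # command= makes sshd run this command whatever the client asks for.
    printf 'restrict,command="%s" %s %s%s\n' \
        "$forced" "$ktype" "$blob" "${comment:+ $comment}"
}

# Usage (placeholder command path):
#   sh forced_entry.sh acctname.reset.pub "/usr/local/bin/reset-vm acctname"
if [ "$#" -eq 2 ]; then
    forced_entry "$1" "$2"
fi
```

Because the server runs only the pinned command for this key, a private key stored without a passphrase is limited to that one action. A key used for a database tunnel would need forwarding re-enabled for the specific port rather than a plain restrict.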

Linux/Unix

On Linux, SSH is provided by the openssh-client package, or is built in to the distribution.

These instructions are for OpenSSH. If you have a different version of SSH, the instructions should be similar. If you find a difference, please edit this page to add instructions for your specific distribution.

  • Install openssh-client if you haven't already (see your distribution documentation). For example, on Ubuntu, apt-get install openssh-client
  • Switch to the user you want to use to make the connection. It is not necessary to be root.
  • First, decide on a name for your key files. The public key name will be a .pub file, and the private key will not have an extension. For example, if the key file is for resetting your JBoss VM, a suitable name would be acctname.reset. The name will become important when we provide multiple facilities to you, or multiple accounts.
  • Enter the command: ssh-keygen -t rsa
  • You will be asked for the filename in which to save the key. The path will be correct, but you will need to re-enter it with a more useful filename, e.g. /home/cassie/.ssh/acctname.reset
  • Don't enter a passphrase (just hit Enter for defaults)
  • The output will look something like this:
cassie@ubuntu:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/cassie/.ssh/id_rsa): /home/cassie/.ssh/acctname.reset
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/cassie/.ssh/acctname.reset.
Your public key has been saved in /home/cassie/.ssh/acctname.reset.pub.
The key fingerprint is:
f3:69:44:f5:16:08:a4:cd:3f:2f:26:c7:d3:60:3a:54 cassie@ubuntu
cassie@ubuntu:~$
  • If this is the first time you have used SSH, a hidden folder called .ssh will be created in your home folder.
  • Send the public key file (/home/cassie/.ssh/acctname.reset.pub) to metawerx support
  • Keep the private key private (on Linux, ssh-keygen automatically assigns a suitable permission of 600)

The location of the private key file will be specified with the -i option in your ssh command line to run the action.

Example:

ssh -Cv -p 22 -i /home/cassie/.ssh/acctname.reset acctname@servername.metawerx.net
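The Linux steps above as a single non-interactive script, added here as an example (not Metawerx's own tooling). The function name make_keypair is hypothetical; it refuses to overwrite an existing key, checks the private key's mode, and confirms that the .pub file matches the private key before printing the fingerprint.

```shell
#!/bin/sh
# Added example: generate a purpose-named key pair and verify the result.
# make_keypair NAME [DIR] prints the public key fingerprint on success.
make_keypair() {
    name=$1
    dir=${2:-$HOME/.ssh}
    key=$dir/$name

    # Refuse to overwrite: replacing a private key breaks access for
    # whatever the old public key was installed for.
    if [ -e "$key" ] || [ -e "$key.pub" ]; then
        echo "refusing to overwrite $key" >&2
        return 1
    fi

    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1

    # -N "" is the empty passphrase from the steps above, -f the file name,
    # -C a comment that labels the key with its purpose.
    ssh-keygen -q -t rsa -N "" -C "$name" -f "$key" || return 1

    # The private key must be accessible to its owner only (mode 600).
    chmod 600 "$key" || return 1
    [ "$(ls -l "$key" | cut -c1-10)" = "-rw-------" ] || return 1

    # Confirm the .pub file really belongs to this private key by
    # re-deriving the public key and comparing the base64 field.
    derived=$(ssh-keygen -y -f "$key" | awk '{print $2}')
    stored=$(awk '{print $2}' "$key.pub")
    [ -n "$derived" ] && [ "$derived" = "$stored" ] || return 1

    # Fingerprint of the public key, which can be quoted when sending the
    # .pub file so the recipient can check it arrived unaltered.
    ssh-keygen -l -f "$key.pub"
}

# Example: sh keygen.sh acctname.reset   (name is a placeholder)
if [ "$#" -gt 0 ]; then
    make_keypair "$@"
fi
```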

Windows

For Windows, the putty or plink tools are used. Therefore, we will create a key pair suitable for use with putty.

  • Download PuTTY, Plink and PuTTYgen from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
  • Start PuTTYgen
  • Leave options on defaults (Type of key: SSH-2 RSA, 2048 bit)
  • Click Generate
  • You will be asked to move the mouse around to generate "randomness", and the progress bar will move to 100%
  • Choose a name for your key files. The public key will be a .pub file, and the private key will be a .ppk file. For example, if the key file is for resetting your JBoss VM, suitable names would be acctname.reset.pub and acctname.reset.ppk. The name will become important when we provide multiple facilities to you, or multiple accounts.
  • Save the public key, giving it a suitable name (acctname.reset.pub)
  • Save the private key, giving it a suitable name (acctname.reset.ppk). When asked if you want to save without a passphrase, click Yes. Save both files to the same folder.
  • Remember where you saved the files. You will need the paths later to connect with plink or putty.
  • Send the public key file to metawerx support (acctname.reset.pub).
  • Keep the private key private

The location of the private key file will be specified in your putty/plink command line to run the action.

Example:

plink -C -v -P 22 -i c:\keys\acctname.reset.ppk acctname@servername.metawerx.net

Screenshot (puttygen):
http://www.metawerx.net/images/screenshots/puttykeygen.png

Remote Database Connections

The above explains how to establish a tunnel using an SSH key pair. This can be used to skip the username/password entry normally required with PLINK/PuTTY/SSH.

The following pages show how to establish a remote database connection over the SSH tunnel, but the examples show the use of a username/password. You can therefore substitute the username/password entry with the -i command line argument to specify your private key file as above.
