Thursday, March 22, 2012

How to Log In to a Remote Host With Solaris Secure Shell



  1. Start a Solaris Secure Shell session.
    Type the ssh command, and specify the name of the remote host.

    myLocalHost% ssh myRemoteHost
    
    A prompt questions the authenticity of the remote host:

    The authenticity of host 'myRemoteHost' can't be established.
    RSA key fingerprint in md5 is: 04:9f:bd:fc:3d:3e:d2:e7:49:fd:6e:18:4f:9c:26
    Are you sure you want to continue connecting(yes/no)? 
    This prompt is normal for initial connections to remote hosts.
  2. If prompted, verify the authenticity of the remote host key.
    • If you cannot confirm the authenticity of the remote host, type no and contact your system administrator.

      Are you sure you want to continue connecting(yes/no)? no
      
      The administrator is responsible for updating the global /etc/ssh/ssh_known_hosts file. An updated ssh_known_hosts file prevents this prompt from appearing.
    • If you confirm the authenticity of the remote host, answer the prompt and continue to the next step.

      Are you sure you want to continue connecting(yes/no)? yes
      
  3. Authenticate yourself to Solaris Secure Shell.
    1. When prompted, type your passphrase.

      Enter passphrase for key '/home/jdoe/.ssh/id_rsa': <Type passphrase>
      
    2. When prompted, type your account password.

      jdoe@myRemoteHost's password: <Type password>
      Last login: Fri Jul 20 14:24:10 2001 from myLocalHost
      myRemoteHost%
  4. Conduct transactions on the remote host.
    The commands that you send are encrypted. Any responses that you receive are encrypted.
  5. Close the Solaris Secure Shell connection.
    When you are finished, type exit or use your usual method for exiting your shell.

    myRemoteHost% exit
    myRemoteHost% logout
    Connection to myRemoteHost closed
    myLocalHost%
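
The check in step 2, as an added example that is not part of the original procedure: the fingerprint in the prompt is the MD5 digest of the decoded host public key, so it can be recomputed from a copy of the key obtained out of band (for example from the administrator) and compared before answering yes. The function names and the sample key line are constructed for illustration; `base64` and `md5sum` are assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original page).
# Needs awk, base64, grep, md5sum, sed and tr.

# Constructed sample: truncated blob in public-key file layout, not a usable key.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQC7 myRemoteHost'

# md5_fingerprint "<type> <base64-blob> [comment]"
# Prints the MD5 of the decoded key blob as colon-separated hex pairs,
# the format shown after "RSA key fingerprint in md5 is:".
md5_fingerprint() {
    blob=$(printf '%s\n' "$1" | awk '{print $2}')
    [ -n "$blob" ] || return 2
    # Reject input that is not valid base64 instead of hashing garbage.
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 2
    printf '%s' "$blob" | base64 -d | md5sum | awk '{print $1}' |
        sed 's/../&:/g; s/:$//'
}

# fingerprint_matches "<trusted key line>" "<fingerprint from the prompt>"
# Returns 0 only on an exact match; a malformed fingerprint never matches.
fingerprint_matches() {
    shown=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    printf '%s\n' "$shown" |
        grep -Eq '^([0-9a-f]{2}:){15}[0-9a-f]{2}$' || return 1
    actual=$(md5_fingerprint "$1") || return 2
    [ "$actual" = "$shown" ]
}

# Demo: the answer to the prompt comes from the comparison.
prompt_fp=$(md5_fingerprint "$SAMPLE_KEY")
if fingerprint_matches "$SAMPLE_KEY" "$prompt_fp"; then
    echo "match: answer yes"
else
    echo "mismatch: answer no and contact the administrator"
fi
```

Where the key is available as a file, `ssh-keygen -l -f <file>` prints its fingerprint directly.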

How to Generate a Public/Private Key Pair for Use With Solaris Secure Shell

Users must generate a public/private key pair when their site implements host-based authentication or user public-key authentication. For additional options, see the ssh-keygen(1) man page.
Before You Begin
Determine from your system administrator if host-based authentication is configured.

  1. Start the key generation program.

    myLocalHost% ssh-keygen -t rsa
    Generating public/private rsa key pair.
    …
    where -t is the type of algorithm, one of rsa, dsa, or rsa1.
  2. Specify the path to the file that will hold the key.
    By default, the file name id_rsa, which represents an RSA v2 key, appears in parentheses. You can select this file by pressing the Return key. Or, you can type an alternative file name.

    Enter file in which to save the key (/home/jdoe/.ssh/id_rsa):<Press Return>
    
    The file name of the public key is created automatically by appending the string .pub to the name of the private key file.
  3. Type a passphrase for using your key.
    This passphrase is used for encrypting your private key. A null entry is strongly discouraged. Note that the passphrase is not displayed when you type it in.

    Enter passphrase (empty for no passphrase): <Type passphrase>
    
  4. Retype the passphrase to confirm it.

    Enter same passphrase again: <Type passphrase>
    Your identification has been saved in /home/jdoe/.ssh/id_rsa.
    Your public key has been saved in /home/jdoe/.ssh/id_rsa.pub.
    The key fingerprint is:
    0e:fb:3d:57:71:73:bf:58:b8:eb:f3:a3:aa:df:e0:d1 jdoe@myLocalHost
  5. Check the results.
    Check that the path to the key file is correct.

    % ls ~/.ssh
    id_rsa
    id_rsa.pub
    At this point, you have created a public/private key pair.
  6. Choose the appropriate option:
    • If your administrator has configured host-based authentication, you might need to copy the local host's public key to the remote host.
      You can now log in to the remote host. For details, see How to Log In to a Remote Host With Solaris Secure Shell.
      1. Type the command on one line with no backslash.

        % cat /etc/ssh/ssh_host_dsa_key.pub | ssh RemoteHost \
        'cat >> ~/.ssh/known_hosts && echo "Host key copied"'
        
      2. When you are prompted, supply your login password.

        Enter password: <Type password>
        Host key copied
        %
    • If your site uses user authentication with public keys, populate your authorized_keys file on the remote host.
      1. Copy your public key to the remote host.
        Type the command on one line with no backslash.

        myLocalHost% cat $HOME/.ssh/id_rsa.pub | ssh myRemoteHost \
        'cat >> .ssh/authorized_keys && echo "Key copied"'
        
      2. When you are prompted, supply your login password.
        When the file is copied, the message “Key copied” is displayed.

        Enter password: <Type login password>
        Key copied
        myLocalHost%
  7. (Optional) Reduce the prompting for passphrases.
    For a procedure, see How to Reduce Password Prompts in Solaris Secure Shell. For more information, see the ssh-agent(1) and ssh-add(1) man pages.
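
The `cat >> .ssh/authorized_keys` step in step 6, as an added example that is not part of the original procedure: the one-line append fails when `.ssh` does not exist, adds a duplicate entry on every re-run, and leaves file modes to the umask. The sketch below handles those cases on the host that holds `authorized_keys`; the function name, return codes and sample key line are constructed for illustration, and only v2 key lines (`ssh-rsa`, `ssh-dss`) are accepted.

```shell
#!/bin/sh
# Added example (not from the original page); v2 public-key lines only.

# Constructed sample public-key line: truncated blob, not a usable key.
SAMPLE_PUB='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQC7 jdoe@myLocalHost'

# install_pubkey <public-key-file> <ssh-dir>
# Returns 0 = key appended, 3 = already present, 1 = I/O error, 2 = refused.
install_pubkey() {
    pub=$1; dir=$2; auth=$2/authorized_keys
    [ -r "$pub" ] || return 1
    # Refuse a private key file (id_rsa given instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then return 2; fi
    line=$(head -n 1 "$pub")
    printf '%s\n' "$line" |
        grep -Eq '^ssh-(rsa|dss) [A-Za-z0-9+/]+=*( .*)?$' || return 2
    blob=$(printf '%s\n' "$line" | awk '{print $2}')

    # Create directory and file without group/other access from the start,
    # then force the modes in case they already existed.
    (umask 077; mkdir -p "$dir" && touch "$auth") || return 1
    chmod 700 "$dir" && chmod 600 "$auth" || return 1

    # Idempotent: re-running must not add a duplicate entry.
    if grep -qF -- "$blob" "$auth"; then return 3; fi

    # If the file lacks a trailing newline, a plain >> would glue the new
    # key onto the previous entry and corrupt both.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth" || return 1
    fi
    printf '%s\n' "$line" >> "$auth"
}

# Demo against a throwaway directory (constructed input).
demo=$(mktemp -d)
printf '%s\n' "$SAMPLE_PUB" > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"; echo "first run:  $?"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"; echo "second run: $?"
rm -rf "$demo"
```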


Example 19–2 Establishing a v1 RSA Key for a User

In the following example, the user can contact hosts that run v1 of the Solaris Secure Shell protocol. To be authenticated by v1 hosts, the user creates a v1 key, then copies the public key portion to the remote host.

myLocalHost% ssh-keygen -t rsa1 -f /home/jdoe/.ssh/identity
Generating public/private rsa key pair.
…
Enter passphrase (empty for no passphrase): <Type passphrase>
Enter same passphrase again: <Type passphrase>
Your identification has been saved in /home/jdoe/.ssh/identity.
Your public key has been saved in /home/jdoe/.ssh/identity.pub.
The key fingerprint is:
…
myLocalHost% ls ~/.ssh
id_rsa
id_rsa.pub
identity
identity.pub
myLocalHost% cat $HOME/.ssh/identity.pub | ssh myRemoteHost \
'cat >> .ssh/authorized_keys && echo "Key copied"'

Friday, March 16, 2012

Network configuration files in Solaris

When we configure network parameters in Solaris, we do so from the command line. But for the changes to persist after the machine reboots, the settings must be written to configuration files.


This article explains the different Solaris network configuration files.


/etc/hostname.interface

Defines the hostname that each network interface will have.


/etc/nodename

Contains the local hostname of the machine.


/etc/defaultdomain

Contains the domain name of the machine.


/etc/defaultrouter

Contains the default gateway.


/etc/inet/hosts

Contains the IP/host resolution. It has a soft link at /etc/hosts.

/etc/inet/netmasks

Contains the netmask for each IP.