Creating SSH keys in LCOS

To generate a key pair consisting of a public and a private key, you enter the following command at the CLI of the device with the LCOS SSH client to be used:

sshkeygen [-(?|h)] [-t (dsa|rsa|ecdsa)] [-b <Bits>]

A detailed description of the parameters in the sshkeygen command can be found in the section SSH key generation with LCOS. The device automatically creates the keys and saves them to its internal file system in the PEM format under the file name ssh_rsakey (for RSA keys), ssh_dsakey (for DSA or DSS keys) or ssh_ecdsakey (for ECDSA keys). The ID files have the following structure, which defines the use of a key for a certain LCOS administrator:

*** User <MyAdmin>
<SSH-Key>
*** End

Retrieving the public key

After the device has generated the key pair, you need to transfer the public part to the remote system. The public part of the key is retrieved with the following command:

show ssh idkeys

This command generates output similar to the following:

Configured Client-Side SSH Host Keys For User 'root':
ssh-rsa AAAAB3NzaC1yc2EAAAABEQAAAQEA28BtnFFInAi8I5B1aOwq5g2Y…0nkuNQ== root@

Transferring the public key to a remote system

Assuming that the remote system is a device equipped with LCOS, you load the relevant DSA or RSA key using either the device file management or by adding to the list of public keys in WEBconfig directly under Extras > Edit list of allowed SSH public keys. To do this, copy the first and second parts and replace the third part with a list of users to limit the use of this key to a selection of LCOS administrators.

For more information about the syntax required for public keys, how to use different keys, and how to link them to different administrators, see the section Syntax and modifying public-key users.

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo