IVM mkauthkeys command

Purpose

Allows key-based SSH authentication between two systems. This updates the ~/.ssh/authorized_keys2 file with the specified public key. It can also be used to push the user's public key to a remote Integrated Virtualization Manager or HMC system.

Syntax

To add the SSH key as an authorized key locally:

mkauthkeys { -a | --add } <key string>

To remove the SSH key locally:

mkauthkeys { -r | --remove } [ -u <user> ] <key string>

To exchange public keys with a remote system:

mkauthkeys { -a | --add } --ip <remote system> [ -u <user> ] <key string>

To test the remote non-interactive authentication using the SSH key:

mkauthkeys --test --ip <remote system> [ -u <user> ]

Description

The mkauthkeys command updates the Integrated Virtualization Manager user's authorized_keys2 file.

Flags

Flag name                Description
-a                       Adds the ssh command key.
-g                       Displays the public key for the specified user and generates the user's public and private key pair if they do not exist.
-r                       Removes the key for the specified user ID and host.
--add                    Adds the ssh command key.
--remove                 Removes the key for the specified user ID and host.
--test                   Verifies authentication to the remote host.
--ip <remote server IP>  Installs this user's public key on the specified remote HMC or Integrated Virtualization Manager system for the user specified with the -u flag. If the -u flag is not specified, the remote user's public key will be installed on the local system.
-u username              Specifies the user name for which to add or remove the key. You must have hmcsuperadmin or PAdmin authority to add or remove a key for other users.
key string               The ssh command key to add, or the ID to remove.

Exit Status

This command has a return code of 0 on success.

Examples

  1. To add the SSH key generated for user joe@somehost , type the following command:
    mkauthkeys -a 'adB8fqeZs2d-gg+q joe@somehost'
  2. To display the current user's public key, type the following command:
    mkauthkeys -g
  3. To display the public key for fred, type the following command:
    mkauthkeys -g -u fred
  4. To remove the SSH key generated for user joe@somehost, type the following command:
    mkauthkeys -r 'adB8fqeZs2d-gg+q joe@somehost'
  5. To remove all SSH keys generated for user joe@somehost, type the following command:
    mkauthkeys -r 'joe@somehost'
  6. To add the SSH key generated for this user to a remote.host as user fred, type the following command:
    mkauthkeys -a --ip remote.host -u fred
    Note: The user will be prompted for the password on the remote.host.
  7. To enable a user from somesystem with the public key ssh-rsa thersakeygoeshere= to access the Virtual I/O Server without using a password, type the following command:
    mkauthkeys -a ssh-rsa thersakeygoeshere= user@somesystem
  8. To remove the key from the authorized key list, type the following command:
    mkauthkeys -r ssh-rsa thersakeygoeshere= user@somesystem
  9. To remove all keys that end with the string user@somesystem, type the following command:
    mkauthkeys -r user@somesystem
  10. To allow the padmin user to remove a key for any user, type the following command:
    mkauthkeys -r -u user ssh-rsa thersakeygoeshere= user@somesystem
  11. To add the current user's local public key to the authorized keys list on a remote system, and add the user's remote public key to the authorized keys list on the local system, type the following command:
    mkauthkeys -a --ip othersystem.com
  12. To add the current user's local public key to the authorized keys list for remote user user on a remote system, and add the remote public key of user to the authorized keys list for the current user on the local system, type the following command:
    mkauthkeys -a --ip othersystem.com -u user
  13. To verify non-interactive authentication using the SSH key for the current user, type the following command:
    mkauthkeys --test --ip othersystem.com
    Note: If the command returns 0, non-interactive authentication is working properly. If mkauthkeys returns nonzero, non-interactive authentication is not configured properly, and the command displays the following message: [VIOSE0104200B-0217] Permission denied (publickey,password,keyboard-interactive).
  14. To verify non-interactive authentication using the SSH key for the current user on the local system as the specified user on a remote system, type the following command:
    mkauthkeys --test --ip othersystem.com -u user
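
A read-only preview for the suffix-based removals in examples 5 and 9, added here as an example; it is not part of the IBM documentation and not how mkauthkeys itself is implemented. It assumes an OpenSSH-format authorized_keys2 file and a literal end-of-line match; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Assumption: a removal string is compared literally against the end of each
# entry, as example 9 describes. This only reads the file; it removes nothing.

# list_suffix_matches FILE SUFFIX
# Prints "line<TAB>key type<TAB>comment" for every entry that ends with SUFFIX.
list_suffix_matches() {
    SUFFIX="$2" awk '
        BEGIN { suffix = ENVIRON["SUFFIX"]; m = length(suffix) }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            line = $0
            sub(/[ \t]+$/, "", line)         # ignore trailing whitespace
            n = length(line)
            if (m == 0 || n < m || substr(line, n - m + 1) != suffix) next
            # Key type = first field that looks like one (fields before it are
            # options); the key blob follows it, the comment is the rest.
            type = "?"; comment = ""; k = NF + 1
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-|ecdsa-|sk-)/) { type = $i; k = i + 2; break }
            for (; k <= NF; k++)
                comment = (comment == "" ? $k : comment " " $k)
            printf "%d\t%s\t%s\n", NR, type, comment
        }' "$1"
}

# count_suffix_matches FILE SUFFIX: number of entries that would match
count_suffix_matches() {
    list_suffix_matches "$1" "$2" | wc -l | tr -d ' '
}

# write_sample_keys FILE: constructed entries, not real keys
write_sample_keys() {
    cat > "$1" <<'EOF'
# constructed sample authorized_keys2
ssh-rsa AAAAconstructed1= joe@somehost
ssh-rsa AAAAconstructed2= maryjoe@somehost
ssh-ed25519 AAAAconstructed3= joe@somehost
from="10.0.0.5" ssh-rsa AAAAconstructed4= fred@otherhost
EOF
}

sample=$(mktemp) && write_sample_keys "$sample"
list_suffix_matches "$sample" 'joe@somehost'   # three entries, maryjoe included
rm -f "$sample"
```

A short removal string can match more entries than intended (here maryjoe@somehost as well as joe@somehost); the full key string, as in example 4, is the narrowest match.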



Last updated: Wed, November 18, 2020