IVM mkauthkeys command
Purpose
Allows key-based SSH authentication between two systems. This updates the ~/.ssh/authorized_keys2 file with the specified public key. It can also be used to push the user's public key to a remote Integrated Virtualization Manager or HMC system.
Syntax
To add the SSH key as an authorized key locally:
mkauthkeys { -a | --add } <key string>
To remove the SSH key locally:
mkauthkeys { -r | --remove } [ -u <user> ] <key string>
To exchange public keys with a remote system:
mkauthkeys { -a | --add } --ip <remote system> [ -u <user> ] <key string>
To test the remote non-interactive authentication using the SSH key:
Description
The mkauthkeys command updates the Integrated Virtualization Manager user's authorized_keys2 file.
Flags
Flag name | Description |
---|---|
-a | Adds the ssh command key. |
-g | Displays the public key for the specified user and generates the user's public and private key pair if they do not exist. |
-r | Removes the key for the specified user ID and host. |
--add | Adds the ssh command key. |
--remove | Removes the key for the specified user ID and host. |
--test | Verifies authentication to the remote host. |
--ip <remote server IP> | Allows installing this user's public key on the specified remote HMC or Integrated Virtualization Manager system for the user specified with the -u flag. If the -u flag is not specified, the remote user's public key will be installed on the local system. |
-u username | Specifies the user name for which to add or remove the key. You must have hmcsuperadmin or PAdmin authority to add or remove a key for other users. |
key string | The ssh command key to add, or the ID to remove. |
Exit Status
This command has a return code of 0 on success.
Examples
- To add the SSH key generated for user joe@somehost, type
the following command:
mkauthkeys -a 'adB8fqeZs2d-gg+q joe@somehost'
- To display the current user's public key, type the following command:
mkauthkeys -g
- To display the public key for fred, type the following
command:
mkauthkeys -g -u fred
- To remove the SSH key generated for user joe@somehost,
type the following command:
mkauthkeys -r 'adB8fqeZs2d-gg+q joe@somehost'
- To remove all SSH keys generated for user joe@somehost,
type the following command:
mkauthkeys -r 'joe@somehost'
- To add the SSH key generated for this user to a remote.host as
user fred, type the following command:
mkauthkeys -a --ip remote.host -u fred
Note: The user will be prompted for the password on the remote.host.
- To enable user from somesystem with
public key ssh-rsa thersakeygoeshere= to access the Virtual I/O Server without using
a password, type the following command:
mkauthkeys -a ssh-rsa thersakeygoeshere= user@somesystem
- To remove the key from the authorized key list, type the following
command:
mkauthkeys -r ssh-rsa thersakeygoeshere= user@somesystem
- To remove all keys that end with the string user@somesystem,
type the following command:
mkauthkeys -r user@somesystem
- To allow the padmin user to remove a key for any user, type the
following command:
mkauthkeys -r -u user ssh-rsa thersakeygoeshere= user@somesystem
- To add the current user's local public key to the authorized keys
list on a remote system, and add the user's remote public key to
the authorized keys list on the local system, type the following command:
mkauthkeys -a --ip othersystem.com
- To add the current user's local public key to the authorized keys
list for remote user user on a remote system, and add the
remote public key of user to the authorized keys list for the
current user on the local system, type the following command:
mkauthkeys -a --ip othersystem.com -u user
- To verify non-interactive authentication using the SSH key for
the current user, type the following command:
mkauthkeys --test --ip othersystem.com
Note: If it returns 0, then non-interactive authentication is working properly. If mkauthkeys returns nonzero, then non-interactive authentication is not configured properly and the following message is displayed: [VIOSE0104200B-0217] Permission denied (publickey,password,keyboard-interactive).
- To verify non-interactive authentication using the SSH key for
the current user on the local system to the specified user on a remote system,
type the following command:
mkauthkeys --test --ip othersystem.com -u user
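
The removal examples above match on how a key entry ends ("all keys that end with the string user@somesystem"), so a short string can cover more entries than intended. The following is an added example, not part of the original command reference or of mkauthkeys itself: a POSIX shell preview of which entries in an authorized_keys2-style file end with a given string. It assumes a plain "line ends with string" comparison; the function names and the sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example (not IBM code): list authorized_keys2 entries that end with
# a given string, to review them before a suffix-based `mkauthkeys -r`.
# Assumption: matching is a literal "entry ends with string" comparison.

# keys_ending_with FILE STRING -> prints every key line ending with STRING
keys_ending_with() {
    file=$1 suffix=$2
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;            # skip blank and comment lines
        esac
        case $line in
            *"$suffix") printf '%s\n' "$line" ;;   # quoted: literal match
        esac
    done < "$file"
}

# count_keys_ending_with FILE STRING -> prints the number of matching entries
count_keys_ending_with() {
    keys_ending_with "$1" "$2" | wc -l | tr -d ' '
}

# comments_ending_with FILE STRING -> prints only the trailing user@host field
comments_ending_with() {
    keys_ending_with "$1" "$2" | awk '{ print $NF }'
}

# make_sample_keys FILE -> writes a constructed sample file (not real keys)
make_sample_keys() {
    cat > "$1" <<'EOF'
ssh-rsa thersakeygoeshere= user@somesystem
ssh-rsa anotherconstructedkey= superuser@somesystem
# constructed comment line
ssh-rsa thirdconstructedkey= fred@othersystem.com
EOF
}

# Stand-alone use: sh preview.sh ~/.ssh/authorized_keys2 user@somesystem
if [ "$#" -eq 2 ]; then
    comments_ending_with "$1" "$2"
fi
```

On the constructed sample, the string user@somesystem matches both user@somesystem and superuser@somesystem, which is the over-match to look for before removing keys by suffix.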