Setting up an SSH client

Secure Shell (SSH) is a client/server network application. It is used as a communication vehicle between the host system (for example, a laptop computer) and the system command-line interface (CLI).

Overview

The system acts as the SSH server in this relationship. The SSH client provides a secure environment in which to connect to a remote computer. Authentication is completed by using a user name and password. If you require command-line access without entering a password, it uses the principles of public and private keys for authentication.

Authenticating SSH logins

Generate a Secure Shell (SSH) key pair to use the command-line interface (CLI). Additionally, when you use the SSH to log in to the system, you must use the RSA-based private key authentication.

When you are using AIX hosts, SSH logins are authenticated on the system by using the RSA-based authentication that is supported in the OpenSSH client that is available for AIX. This scheme is based on the supplied password (or if you require command-line access without entering a password, then public-key cryptography is used) by using an algorithm that is known commonly as RSA.
Note: The authentication process for host systems that are not AIX is similar.

With this scheme (as in similar OpenSSH systems on other host types), the encryption, and decryption is done by using separate keys. This scheme means that it is not possible to derive the decryption key from the encryption key.

Because physical possession of the private key allows access to the system, the private key must be kept in a protected place, such as the .ssh directory on the AIX host, with restricted access permissions.

When SSH client (A) attempts to connect to SSH server (B), the SSH password (if you require command-line access without entering a password, the key pair) authenticates the connection. The key consists of two halves: the public keys and private keys. The SSH client public key is put onto SSH Server (B) using some means outside of the SSH session. When SSH client (A) tries to connect, the private key on SSH client (A) is able to authenticate with its public half on SSH server (B).

The system supports up to 32 interactive SSH sessions on the management IP address simultaneously.
Note: After one hour, a fixed SSH interactive session times out, which means the SSH session is automatically closed. This session timeout limit is not configurable.

To connect to the system, the SSH client requires a user login name and an SSH password (or if you require command-line access without entering a password, the key pair). Authenticate to the system by using a management user name and password. When you use an SSH client to access a system, you must use your user name and password. The system uses the password (and if not a password, the SSH key pair) to authorize the user who is accessing the system.

You can connect to the system by using the same user name with which you log in to the system.

For MicrosoftWindows hosts, PuTTY can be downloaded from the internet and used at no charge to provide an SSH client.

Parent topic: Command-line interface