ctmkeygen
The ctmkeygen utility generates SSH private and public key pairs.
When creating or modifying the job owner definition, you can choose to use either public or private key authentication instead of password authentication.
The ctmkeygen utility manages the key table that contains the logical key name as the unique table key, the private key, and the key passphrase (encrypted). The generated public key (unencrypted) is stored in a file.
Running the ctmkeygen Utility
This procedure describes how to run the ctmkeygen utility, which generates SSH private and public key pairs. The ctmkeygen utility can be run in either interactive mode or batch mode.
Begin
- Do one of the following:
  - UNIX: Log in to a Control-M/Server account.
  - Windows: Open a command prompt window where Control-M/Server is installed.
- Type one of the following commands:
  - For interactive mode:
    ctmkeygen
    The Control-M Key Generator Utility menu is displayed. The options in this menu and in all other menus provided by this utility can be selected by typing the option number or command letter and pressing <Enter>.
  - For batch mode, specify one of the following commands:
    - ctmkeygen -action add -name <logicalKeyName> -passphrase <keyPassphrase> -type rsa|dsa -bits 512|768|1024|2048|3072 -format openssh|ssh2 -path <publicKeyPath>
    - ctmkeygen -action update -name <logicalKeyName> -passphrase <keyPassphrase> [-type rsa|dsa] [-bits 512|768|1024|2048|3072] [-format openssh|ssh2] -path <publicKeyPath>
    - ctmkeygen -action delete -name <logicalKeyName> -passphrase <keyPassphrase>
    - ctmkeygen -action list
    - ctmkeygen -action export -filename <exportFileName>
    - ctmkeygen -action import -filename <importFileName> -data append|truncate
    - ctmkeygen help
ctmkeygen Utility Parameters
The following table describes the parameters in the ctmkeygen utility:
Parameter | Description |
---|---|
-name | Defines a logical name of the key that is used as a unique identifier. It also determines the name of the public key file. The name is comprised of letters, numbers, and underscores. |
-passphrase | Defines a phrase used as a key to encrypt the key itself. |
-type | Specifies the standard used for the key. Mandatory when used with add, optional when used with update. Valid values: |
-bits | Specifies the strength of the encryption key in bits. Mandatory when used with add, optional when used with update. Valid values: |
-format | Specifies the public key file format. It must match the format used by the SSH server. Mandatory when used with add, optional when used with update. Valid values: |
-path | Specifies the location where the public key file is created. |
-filename | Specifies the public key name. The format of the file depends on what is specified for the -format parameter, described above. |
-data | Describes what action to take with the imported data from the text file. Specify one of the following: |
ctmkeygen Utility Actions
The following table describes the actions in the ctmkeygen utility:
Action | Description |
---|---|
add | Creates a new entry in the key table. It also verifies that a key with the same name does not exist. All the parameters are mandatory. |
update | Modifies the details of an existing entry in the key table. The entry includes the same fields as used to create a new key pair. The updated entry replaces the existing entry in the key table in the database and the public key file. The passphrase must match the one that was used to create the existing key. For the optional parameters, if a value is not specified, the value stored in the Control-M/Server database is used. |
delete | Deletes the entry associated with the logical key name. The passphrase must match the one that was used to create the existing key. |
list | Returns a list of lines, each containing: the logical key name, type, bits, and format. |
export | Exports the details of the keys stored in the key table to a text file. For example: ctmkeygen -action export -filename $HOME/ctm_server/data/key_details.txt |
import | Imports the details of the keys stored in the key table. Using the import parameter enables you to: |
help | Displays the usage of the ctmkeygen utility. |
Copying Public Keys to the SSH Server
This procedure describes how to copy public keys to the SSH server. If a public keys file already exists on the SSH server, you must choose whether to append the new file to the existing one or truncate the existing file.
Begin
- Copy the public key to the SSH server according to the SSH server requirements:
  - For OpenSSH on UNIX, the public keys file is:
    <jobOwnerHomeDirectory>/.ssh/authorized_keys
  - For SSH Tectia on UNIX, the public keys file is:
    <jobOwnerHomeDirectory>/.ssh2/authorization
  - For SSH Tectia on Windows, the public keys file is:
    <jobOwnerHomeDirectory>\.ssh2\authorization
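For the OpenSSH case above, the following added example (not part of the Control-M documentation) appends a generated public key to authorized_keys without overwriting existing entries or adding duplicates. The function name install_pubkey and its two arguments are hypothetical, and the key file is assumed to have been created with -format openssh.

```shell
#!/bin/sh
# Added example: append an OpenSSH-format public key to authorized_keys.
# usage: install_pubkey <public_key_file> <job_owner_home>   (hypothetical name)
# The body runs in a subshell so the umask change does not leak to the caller.
install_pubkey() (
    pub=$1; home=$2
    auth="$home/.ssh/authorized_keys"

    # Accept only a one-line OpenSSH key of the types ctmkeygen offers
    # (rsa, dsa). A multi-line ssh2-format file is not valid in authorized_keys.
    key=$(grep -E '^(ssh-rsa|ssh-dss) [A-Za-z0-9+/=]+( .*)?$' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "not an OpenSSH public key: $pub" >&2; exit 1; }

    # sshd with StrictModes ignores key files that other users can write to.
    umask 077
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Compare on the base64 key blob so a changed comment does not add a duplicate.
    blob=$(printf '%s\n' "$key" | awk '{print $2}')
    grep -qF -e "$blob" "$auth" || printf '%s\n' "$key" >> "$auth"
)
```

Run it as the job owner on the SSH server, or adjust ownership of the .ssh directory afterwards if it is run by another account.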
Copy Public Keys to SSH Server Example
Create an entry in the key table with the following specifications:
Parameter | Value |
---|---|
key name | key1 |
passphrase | myphrase |
type | dsa |
bits | 512 |
format | ssh2 |
path | /home/ctm900 |
- Specify the following command:
  ctmkeygen -action add -name key1 -passphrase myphrase -type dsa -bits 512 -format ssh2 -path /home/ctm900
  The following message is displayed:
  Creating SSH key. Please wait...
  SSH key created successfully.
- Assume that modifications are required to the key created in Example 1. To change the type to rsa, the number of bits to 1024 and the format to openssh, specify the following command:
  ctmkeygen -action update -name key1 -passphrase myphrase -type rsa -bits 1024 -format openssh -path /home/ctm900
  The following message is displayed:
  Updating SSH key. Please wait...
  SSH key update ended successfully.
- To delete the key entry created in Example 1, specify the following command:
  ctmkeygen -action delete -name key1 -passphrase myphrase
  The following message is displayed:
  Entry deleted successfully.
- To display a list of SSH keys in the key table, specify the following command:
  ctmkeygen -action list
  The following is displayed:
  Name Type Bits Format
  ---- ---- ---- ------
  first RSA 512 OPENSSH
  mykey RSA 1024 OPENSSH
  2 keys were found.
- To create an export text file containing the details of the SSH keys, specify the following command:
  ctmkeygen -action export -filename /home/ctm900/my.exp
  The following is displayed:
  Exporting data, please wait...
  Export ended successfully.
  Check report file ~<controlm_owner>/ctm_server/proclog/export_report_5020.txt’ for details.
- To import the my.exp text file, which contains the details of the SSH keys that replace the current information, specify the following command:
  ctmkeygen -action import -filename /home/ctm900oe/my.exp -data truncate
  The following message is displayed:
  Importing data, please wait...
  Import ended successfully.
  Check report file ~<controlm_owner>/ctm_server/proclog/import_report_535a.txt’ for details.
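The output of ctmkeygen -action list shown above can be checked mechanically for weak keys. The following is an added example, not part of the Control-M documentation: the function name audit_key_list, the 2048-bit RSA minimum and the rejection of DSA are assumptions of this example, and the sample listing is constructed from the output format shown above.

```shell
#!/bin/sh
# Added example: flag weak entries in `ctmkeygen -action list` output.
# The policy below is an assumption of this example, not a product default.
MIN_RSA_BITS=2048

# Reads the list output on stdin; prints one "name: reason" line per weak key.
audit_key_list() {
    awk -v min="$MIN_RSA_BITS" '
        # Skip the header, the dashed rule and the summary line:
        # only data rows have four fields with a numeric Bits column.
        NF != 4 || $3 !~ /^[0-9]+$/ { next }
        {
            name = $1; type = toupper($2); bits = $3 + 0
            if (type == "DSA")
                printf "%s: DSA key (%d bits), replace with RSA >= %d\n", name, bits, min
            else if (type == "RSA" && bits < min)
                printf "%s: RSA key is %d bits, below %d\n", name, bits, min
        }'
}

# Constructed sample: the two rows from the listing above plus two made-up rows.
SAMPLE_LIST='Name Type Bits Format
---- ---- ---- ------
first RSA 512 OPENSSH
mykey RSA 1024 OPENSSH
key1 DSA 512 SSH2
strong RSA 3072 OPENSSH
4 keys were found.'

# On a Control-M/Server host the input would be: ctmkeygen -action list | audit_key_list
printf '%s\n' "$SAMPLE_LIST" | audit_key_list
```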