(2) Extracting the public key from the keystore into a separate file

Tutorial on configuring the SSH client

Topic - (2) Extracting the public key from the keystore into a separate file

The SSH protocol requires the public key to be stored in a plain text (that is, unencrypted) file located on the host on which the SSH server resides. However, as the previous page of this tutorial describes, the keytool program places both the public key and the private key into an entry inside a keystore file. Both the keystore file and the entry are password protected.

Therefore, you need to run an Export Public Key utility to read the public key from the keystore and place a copy of the public key into a plain text file that can be used by an SSH server.

The user interface for this Export Public Key utility is included in the Public Key Authentication group of the SSH configuration window (shown below). This group includes the following parameters:

KeyStore File Path
KeyStore Password
Public Key Alias
Public Key Alias Password

These parameters in the Public Key Authentication group of the SSH configuration window are used for two purposes, either for configuring public key authentication or for extracting a public key from a keystore.

If you click OK to close the VT Display session profile, then Host On-Demand saves the values in the Public Key Authentication group and uses these values for SSH public key authentication.
However, if you click Export Public Key (a button that is also located in the Public Key Authentication group), then the Export Public Key utility uses the values in the Public Key Authentication group to extract a public key from a keystore.

The image below shows the SSH configuration window configured to use the Export Public Key utility.

The SSH entry is selected in the left pane (see 1).
The User ID field is blank (see 2). You can leave this field blank or not when you export a public key. The Export Public Key utility does not use this value.
The Enable parameter is set to Yes (see 3). You have to set this parameter to Yes in order to enable the fields in the Public Key Authentication group.
The KeyStore File path is set to f:\tm\keys\johnkeystore (see 4). This is the keystore that was generated with keytool in the step described on the previous page.
The KeyStore Password is set to johnstorepass (displayed as *************) (see 5). This is the password for the keystore.
The Public Key Alias is set to johnkey02 (see 6). This is the alias for the public-private key pair.
The Public Key Alias Password is set to johnstorepass (displayed as *************) (see 7). This is the password for the public-private key pair. In this example, the value for the public-private key pair is the same as the value for the keystore password.
After you have filled out the parameters for extracting the public key password, click Export Public Key to start the extraction (see 8).

When you click Export Public Key to start the extraction, then Host On-Demand displays the Export Public Key window, which prompts you for two additional parameters, a path for the output file and a format for the output file. Click here to see Export Public Key window.

For some of input fields in the Public Key Authentication group, the Export Public Key utility uses a default value if the input field is left blank. Click here to learn more about the default values.