Creating SSH Keys

When configuring SSH tunnels for connecting to databases like MySQL or PostgreSQL, authentication needs to be done against the SSH server. This can be done with either user name and password authentication or key-based authentication. Key-based authentication lets the user log in without a password. To use it, a key pair needs to be generated. Information on how to generate the key pair is listed below.

Generating the SSH Key Pair Files

A tool called ssh-keygen can be used to generate the key files. This tool is included by default in Mac OS X and most Linux distributions via the OpenSSH software package. OpenSSH is not included on Windows systems, but OpenSSH for Windows installers are freely available on the Internet.

To generate the keys, first open a terminal window or command prompt. On Mac OS X and Linux / Unix systems, the ssh-keygen program should be available in your PATH. On Windows, you would generally need to change directory to the bin directory of the OpenSSH installation.

Once the terminal window or command prompt has been opened and you have changed to the appropriate directory, the following command can be executed:

ssh-keygen

You will be prompted for which file to save the key to. The default location is generally appropriate.

You will then be prompted for whether or not to enter a passphrase to protect the key file. Entering a passphrase is more secure. If you do not wish to enter a passphrase, simply press return / enter at the prompt.

At this point, ssh-keygen will generate two files: key_file_name (the private key) and key_file_name.pub (the public key).

The public key file is the file that ends with ".pub". Its contents need to be added to the authorized_keys file on the SSH server. If an authorized_keys file does not already exist on the server, the following command can be executed on the server:

cp key_file_name.pub location_of_authorized_key_file

If the authorized_keys file already exists, use the following command to append the key to the file:

cat key_file_name.pub >> location_of_authorized_key_file

At this point, the public key file has been added to the server, and the private key file is located on the client machine. You should now be able to connect to the SSH server without using a password.
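
As an added example (not part of the original page or of RazorSQL), the shell function below handles both cases above, creating the authorized_keys file or appending to it, without duplicating a key that is already present, and sets the restrictive permissions that OpenSSH's default StrictModes setting expects. The function name install_pubkey and its two arguments are hypothetical.

```shell
#!/bin/sh
# Added example: install a public key into an authorized_keys file.
# install_pubkey and its arguments are hypothetical names for illustration.

# install_pubkey PUBKEY_FILE AUTHORIZED_KEYS_FILE
# Returns 0 if the key is present afterwards, 1 on bad input or I/O failure.
install_pubkey() {
    pub=$1
    auth=$2

    # Refuse anything that is not a readable file.
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A .pub file holds one line: "key-type base64-data [comment]".
    key=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)

    # Guard against installing the private key file by mistake.
    case $key in
        ssh-*\ *|ecdsa-*\ *|sk-*\ *) ;;
        *) echo "$pub does not look like a public key" >&2; return 1 ;;
    esac

    # With StrictModes (on by default) sshd rejects key files that other
    # users can write to. The directory is expected to be the account's
    # .ssh directory; it is restricted to its owner here.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    [ -e "$auth" ] || ( umask 077; : > "$auth" ) || return 1
    chmod 600 "$auth" || return 1

    # Already authorized: nothing to do, so re-running never duplicates lines.
    grep -qxF -- "$key" "$auth" && return 0

    # If the existing file lacks a final newline, add one so the new key
    # does not get glued onto the previous entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

Run it on the server as the account that will accept the login, for example: install_pubkey key_file_name.pub ~/.ssh/authorized_keys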

When setting up the SSH Tunnel in the Add Connection Profile screen in RazorSQL, you can browse to the location of the private key file instead of entering an SSH password. If your private key file was set up with a passphrase, the passphrase should be entered in the "SSH Password" field.

After clicking the connect button to make the database connection, RazorSQL will use the key file to authenticate to the SSH server instead of a user name and password combination.