SSH Tectia

Uploading the Public Key Manually

To enable public-key authentication with your key pair:

  1. (Optional) Create a file called identification, on Unix in your $HOME/.ssh2 directory, or on Windows in your "%USERPROFILE%\Application Data\SSH\UserKeys" directory.

    Edit it with your favorite text editor to include the following line (replace id_dsa_2048_a with the filename of the private key):

    IdKey     id_dsa_2048_a
    

    With SSH Tectia Client 5.x, using the identification file is not necessary if all your keys are stored in the default directory and you allow all of them to be used for public-key and/or certificate authentication. If the identification file does not exist, the Connection Broker attempts to use each key found in the $HOME/.ssh2 directory on Unix or in the "%USERPROFILE%\Application Data\SSH\UserKeys" directory on Windows.

    On Windows, you can also add other directory locations on the Keys and Certificates page of the SSH Tectia Configuration tool. See Managing Keys and Certificates. On Unix, you can use the key-store element in the ssh-broker-config.xml file. See the section called “Key Store Configuration Examples”.

  2. Connect to Server using some other authentication method.

  3. Depending on the server version, do the following:

    • On SSH Tectia Server 5.x, use SFTP to upload your public key (for example, id_dsa_2048_a.pub) to the server, to your authorized_keys directory (by default $HOME/.ssh2/authorized_keys on Unix servers, or %USERPROFILE%\.ssh2\authorized_keys on Windows servers).

    • SSH Tectia Server 4.x (or older) requires an authorization file stored in the .ssh2 directory. The authorization file specifies the public keys that are authorized for login. The authorization file may be optionally used with SSH Tectia Server 5.x as well.

      Use SFTP to upload your public key to the server (by default to the $HOME/.ssh2 directory on Unix servers, or to the %USERPROFILE%\.ssh2 directory on Windows servers) and edit the authorization file.

      An example file is shown below (by default $HOME/.ssh2/authorization on Unix servers, or %USERPROFILE%\.ssh2\authorization on Windows servers):

      Key     id_dsa_2048_a.pub
      

      This directs SSH Tectia Server to use id_dsa_2048_a.pub as a valid public key when authorizing your login.

    • On OpenSSH server, you must convert the key to the OpenSSH public-key file format.

      Use SFTP to upload the public key to the OpenSSH server, to your $HOME/.ssh directory.

      Convert the public key to the OpenSSH public-key file format on the server and append it to your ~/.ssh/authorized_keys file. This can be done with the following command, run in the $HOME/.ssh directory where the key was uploaded:

      $ ssh-keygen -i -f id_dsa_2048_a.pub >> authorized_keys
      
  4. Make sure that public-key authentication is allowed in the ssh-broker-config.xml file (it is allowed by default). The configuration file should contain an authentication-method element line like the following:

    <authentication-methods>
      <authentication-method name="publickey" />
    ...
    </authentication-methods>
    

    Other authentication methods can be listed in the configuration file as well. Place the least interactive method first.

Assuming Server is configured to allow public-key authentication to your account, you should now be able to log in from Client to Server using public-key authentication.

Try to log in:

Client$ sshg3 Server

You should be prompted for the passphrase of the private key. After you have entered the passphrase, a Secure Shell connection will be established.
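
The following added Python example (not part of the SSH Tectia documentation) shows what the ssh-keygen -i conversion in the OpenSSH step does to the key file, and computes a SHA256 fingerprint of the key so it can be checked before it is authorized. It assumes the uploaded .pub file is in the SSH2 (RFC 4716) public-key format that ssh-keygen -i reads by default; the function names and the sample key are constructed for illustration.

```python
import base64, hashlib, struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def parse_ssh2_pubkey(text):
    """Return (key_type, blob, comment) from an SSH2 / RFC 4716 public key file."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SSH2 public key markers")
    headers, body, i = {}, [], 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line and not body:        # headers come before the base64 body
            while line.endswith("\\") and i < len(lines) - 2:
                i += 1                      # a trailing backslash continues the header
                line = line[:-1] + lines[i]
            tag, value = line.split(":", 1)
            headers[tag.strip().lower()] = value.strip().strip('"')
        else:
            body.append(line)
        i += 1
    blob = base64.b64decode("".join(body), validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])    # blob begins with a length-prefixed type name
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad algorithm name length")
    return blob[4:4 + n].decode("ascii"), blob, headers.get("comment", "")

def to_openssh_line(text):
    """Build the one-line form that goes into ~/.ssh/authorized_keys."""
    key_type, blob, comment = parse_ssh2_pubkey(text)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}".rstrip()

def fingerprint(blob):
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def _s(b):                                  # SSH wire-format string: uint32 length + bytes
    return struct.pack(">I", len(b)) + b

# Constructed sample: well-formed encoding with filler integers, not a usable key.
SAMPLE_BLOB = _s(b"ssh-dss") + b"".join(_s(b"\x01" * n) for n in (128, 20, 128, 128))
_b64 = base64.b64encode(SAMPLE_BLOB).decode()
SAMPLE_FILE = "\n".join([BEGIN, 'Comment: "constructed sample, not a real key"']
                        + [_b64[i:i + 70] for i in range(0, len(_b64), 70)] + [END])

if __name__ == "__main__":
    print(to_openssh_line(SAMPLE_FILE), fingerprint(SAMPLE_BLOB), sep="\n")
```

The fingerprint can be compared with the one that ssh-keygen -l -f prints for the converted key on the server.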