- 3 minutes to read
- Print
- DarkLight
- PDF
How to set up an SSH key
- 3 minutes to read
- Print
- DarkLight
- PDF
How to manage SSH keys
Using an SSH key as an authentication method is a safer alternative to password-based logins. These keys consist of a pair of keys, one public and one private, that will be used to establish an encrypted connection between the client and the server.
The SSH key change process ensures convenience and security, as when generating a new SSH key, the senhasegura plugin automates the key generation and copies the public key to the primary device. It is on this device that the SSH key is registered.
The private key is kept exclusively on senhasegura, ensuring adequate protection.
Requirements
- An RSA-type SSH key. To generate the key, type in the following command line terminal:
ssh-keygen -t RSA -m PEM
.
It's important to note that when running the ssh-copy-id
command, only the public key is copied to the devices, while the private key remains in senhasegura.
Configure an SSH key in senhasegura
- On senhasegura, in the top left corner, click the Grid Menu, indicated by the nine squares, and select PAM Core.
- In the side menu, select Credentials > SSH Keys > SSH Keys.
- Click View Actions, identified by the three vertical dots icon, and select + New.
In the SSH key registration window, configure your SSH key. Follow the steps below:
Information tab
- Username (key owner): fill in the username associated with the SSH key.
- Device: select the device that will hold the SSH key.
- Key name: fill in an identification name for tracking details, views, and other appearances in senhasegura.
- Status: select Enabled or Disabled
- Tags: add tags to facilitate filter searches.
Key Data tab
- Set a current password: enable Set current password and enter its value in the Password field if the key has a password.
- Show password: select to show the password.
- Renew the key and set a password?: indicate whether you want to set a password when automatic renewal is activated. By default, this option is set to Yes.
Add the SSH key on the Private Key and Public Key to perform the registration.
Session Settings tab
- Restrict Access to Remote Application Only: check this option so that only remote applications enrolled on the target device with this setting have access using this SSH key.
- Automation Macro (RemoteApp): click the plus icon next to Automation macro (RemoteApp) to add two drop-down menus. In these two menus, you’ll select which RemoteApp macros are bound to the SSH key by selecting the Macro and the Connectivity.
- Using own credential to connect: select to use the same key to authenticate into the target device.
- Authentication credential: fill in the IP address, hostname, or username of the credential used.
- Authentication device: fill in the IP address or hostname of the device used.
Additional settings section
- User credential owner: in the drop-down menu, select the user who owns the credential.
- SSH key renewal configuration:
- Enable automatic change: enable this option to have the password renewed automatically.
- Use the key itself to connect: select the key currently being created/edited.
- Credential or SSH key for authentication: choose the device that holds the authentication key from the drop-down menu. This option is only available if the Use the key itself to connect option is disabled
- Only the user who owns the credential can retrieve the certificate, see its password, and use it in proxy sessions. Note that this user will always have access to the key.
- The Use the key itself to connect field and the Credential or SSH key for authentication drop-down menu are only enabled if the Enable automatic change option is enabled.
Devices tab
- On Devices, select the devices for which you want to allow the key to be used to start a proxy session. To do this, follow the steps below:
- Click the plus icon, to open the Devices modal.
- On the Devices modal, select the devices you want to link to the SSH key.
- Click Add.
- Click Save.
If there are multiple devices registered for connection with the mentioned SSH key, they will be sorted based on their respective IDs. The key change will occur first on the original device and then proceed in the order of the IDs, one at a time.
Do you still have questions? Reach out to the senhasegura Community.