Public key user authentication is an optional feature of the Secure Shell protocol. To configure user authentication, you must use X Manager to configure user keys and then configure the Secure Shell Server to accept these keys.
To create new user keys
Launch X Manager or X Manager for Domains.
From the menu, select .
By default is selected under .
To store keys in the Reflection X Advantage database, leave this option selected.
To store keys in a local directory, click the plus sign (+) and select . For , enter or browse to the local directory. Because this location contains a user's private keys, it should be a location that is readable only by the user who authenticates with these keys.
Click .
Specify a name that identifies the key pair you are creating.
(Optional) Change the key algorithm type and/or key length.
Enter a passphrase for this key. You will need to enter this passphrase when the key is used for authentication. A passphrase is similar to a password, except it can be a phrase with a series of words, punctuation, numbers, white space, or any string of characters. Passphrases improve security by limiting access to secure objects, such as private keys and/or a key agent.
CAUTION: To help ensure security, all user keys should be passphrase protected. If you don't specify a passphrase, the private key is stored in unencrypted form in the key store, and anyone who gains access to the key can authenticate using it. In standalone mode, keys are stored on the same computer as X Manager. In domain mode, keys in the Reflection X Advantage Store are stored in the database on the domain controller, and the administrator of that computer will be able to read these keys.
Retype the passphrase.
Click
The key is added to the selected key store.
To add an existing key to your key store
In the dialog box, click .
NOTE: If you are using a local directory, it is possible to copy keys manually to your directory, but using the feature is recommended because Reflection X Advantage sets correct permissions on imported keys and ensures that the key uses a supported file format.
Browse to locate the key you want to add.
For enter the passphrase that currently protects the file. This is required to decrypt the file and import the key.
Specify a to identify this key in the User Keys list.
Enter a value for . This can be the same as the original file passphrase or different.
Click .
To configure the host
From the X Manager dialog box, select the key you just created, and then click .
Specify the name and location you want to use for the exported public key file.
Specify a key file format. Two formats are available. SecSH format is used by Reflection products, F-Secure, and SSH Corporation. OpenSSH format is used in OpenSSH implementations.
Click .
Copy the public key you just exported to the public key location used by the Secure Shell server running on the host. Configure the server to allow public key authentication and to accept this key.
Procedures for doing this vary between Secure Shell servers. For details, refer to your Secure Shell server documentation.
NOTE: In the context of the Secure Shell protocol, Reflection X Advantage — an X server — acts as a client. The Secure Shell server resides on the same host that's running the X client application. Reflection X Advantage runs as a Secure Shell client that must authenticate the Secure Shell server, and must authenticate to this server as a client.
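
For the last step of configuring the host, a key exported in SecSH format must become a one-line OpenSSH entry before an OpenSSH server will accept it. The following Python code is an added example, not part of the Reflection X Advantage documentation: it converts such a file and installs it with owner-only permissions. It assumes that SecSH format is the RFC 4716 public key file format and that the server reads the default ~/.ssh/authorized_keys file; the sample key is constructed (all zero bytes) and the function names are hypothetical.

```python
import base64, os, struct, tempfile, textwrap

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def secsh_to_openssh(text):
    """Convert an RFC 4716 (SecSH) public key to one OpenSSH authorized_keys line."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not a SecSH public key file")
    comment, body, i = "", [], 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line:                      # header line; base64 never contains ':'
            while line.endswith("\\"):       # header value continued on the next line
                i += 1
                line = line[:-1] + lines[i]
            tag, value = line.split(":", 1)
            if tag.lower() == "comment":
                comment = value.strip().strip('"')
        else:
            body.append(line)
        i += 1
    blob = base64.b64decode("".join(body), validate=True)
    (n,) = struct.unpack(">I", blob[:4])     # blob starts with a length-prefixed key type
    key_type = blob[4:4 + n].decode("ascii")
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}".strip()

def install_key(line, home):
    """Append the key to <home>/.ssh/authorized_keys (once) with owner-only permissions."""
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir, mode=0o700, exist_ok=True)
    os.chmod(ssh_dir, 0o700)                 # sshd rejects group/world-writable directories
    path = os.path.join(ssh_dir, "authorized_keys")
    existing = open(path).read().splitlines() if os.path.exists(path) else []
    if line not in existing:
        fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
        with os.fdopen(fd, "a") as f:
            f.write(line + "\n")
    os.chmod(path, 0o600)
    return path

# Constructed sample: an ssh-ed25519 blob with an all-zero 32-byte key (not a usable key).
SAMPLE_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
SAMPLE = "\n".join([BEGIN, 'Comment: "constructed-example"',
                    *textwrap.wrap(base64.b64encode(SAMPLE_BLOB).decode(), 70), END])

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:   # stand-in for the host user's home
        print(open(install_key(secsh_to_openssh(SAMPLE), home)).read(), end="")
```

Only the public key is handled here; the private key and its passphrase never leave the key store.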