Managing User Keys
Configure Public Key Authentication
The following procedures configure client authentication using public keys.
To configure the client for public key authentication
- Open the Reflection Secure Shell Settings dialog box.
- From the General section, make sure that Public Key is selected under User Authentication. (If you want to ensure that only public key authentication is used, clear the other options.)
- Select the User Keys section. In the Use column, select the key or keys you want to use to authenticate to the currently specified host.
  Note: To add keys to this list, see Add Keys to Your User Keys List.
- Select OK.
Add Keys to Your User Keys List
The User Keys tab of the Reflection Secure Shell Settings dialog box displays a list of keys you can use for public key authentication. You can add keys to the list by creating new keys or importing existing keys.
To create a new key pair using Reflection
- Select the User Keys section.
- Select the Generate Key button.
- Specify a key type and key length.
- Either specify a passphrase, or select No passphrase.
  Warning: If you select No passphrase, the private key saved to your computer is unencrypted, and anyone who gains access to this key will be able to use it to authenticate as you.
- Click Create.
By default, keys are created in your user ssh folder:
C:\Users\username\Documents\Micro Focus\Security.ssh
Comparable files are placed in the $HOME directory on UNIX systems. The default private key name identifies the key type, size, and the client host name. The public key is saved to the same location using the private key name with an added *.pub file extension.
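The warning above can be turned into an audit check. The following is an added example, not part of the Reflection documentation or product: it reports which private key files are stored without a passphrase, assuming the files are in OpenSSH or PEM private-key format (the format of the Reflection key store is not stated on this page). The function names and sample inputs are constructed for illustration.

```python
import base64
import re
import struct

MAGIC = b"openssh-key-v1\x00"
ARMOUR = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def private_key_is_encrypted(text: str) -> bool:
    """Return True if the armoured private key in `text` needs a passphrase."""
    m = ARMOUR.search(text)
    if not m:
        raise ValueError("no armoured private key found")
    label, body = m.group(1), m.group(2)
    if label == "OPENSSH PRIVATE KEY":
        raw = base64.b64decode("".join(body.split()))
        off = len(MAGIC)
        if not raw.startswith(MAGIC) or len(raw) < off + 4:
            raise ValueError("bad openssh-key-v1 header")
        (n,) = struct.unpack(">I", raw[off:off + 4])
        # The first field after the magic is the cipher name; "none" = cleartext.
        return raw[off + 4:off + 4 + n] != b"none"
    if label == "ENCRYPTED PRIVATE KEY":   # PKCS#8 encrypted container
        return True
    if label == "PRIVATE KEY":             # PKCS#8 cleartext container
        return False
    if label.endswith(" PRIVATE KEY"):     # legacy RSA/DSA/EC PEM
        return "Proc-Type: 4,ENCRYPTED" in body
    raise ValueError("not a private key: " + label)

def unprotected_keys(files: dict) -> list:
    """Given {name: file text}, return the names stored without a passphrase."""
    return sorted(n for n, t in files.items() if not private_key_is_encrypted(t))

def sample_openssh_key(cipher: bytes) -> str:
    """Constructed header-only sample (no key material), for demonstration."""
    s = lambda b: struct.pack(">I", len(b)) + b
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    raw = MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1)
    b64 = base64.b64encode(raw).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n%s\n-----END OPENSSH PRIVATE KEY-----\n" % b64

SAMPLES = {  # constructed inputs, not real keys
    "id_nopass": sample_openssh_key(b"none"),
    "id_protected": sample_openssh_key(b"aes256-ctr"),
    "legacy_rsa": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                  "DEK-Info: AES-128-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n",
}
```

Calling `unprotected_keys(SAMPLES)` lists only the key whose header names the cipher `none`.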
To create a new key pair using the Key Agent
- Start and unlock the Reflection Key Agent. (From the Windows Start menu, go to Programs > Micro Focus Reflection > Key Agent.)
- Select Generate Keys.
- Specify a key name, key type, and key length, and select OK.
  Note: Keys you create using the Key Agent are stored by the agent in encrypted form.
To import keys into the Reflection key store
- Open the Reflection Secure Shell Settings dialog box.
- Select the User Keys section.
- Select Import.
- Browse to locate the private key you want to import. Each key pair includes two files, one with a *.pub extension and one with no file extension. The private key is the file with no extension.
  Note: Imported keys are copied to the Reflection key store located in your user ssh folder:
  C:\Users\username\Documents\Micro Focus\Security.ssh
  Comparable files are placed in the $HOME directory on UNIX systems.
Upload Client Public Keys to the Server
Use the Upload button on the User Keys tab to upload a public key to the Secure Shell server. The public key is transferred using the secure SFTP protocol. You will need the ability to use password authentication (or another authentication method) in order to upload the public key. Once the public key is successfully uploaded, you may disable other authentication methods.
To upload a key
- Open the Reflection Secure Shell Settings dialog box.
- Select a key from the User Keys section and click Upload. (The Upload button is not available if no key is selected, or if you have selected a certificate.)
- If prompted, enter the host name, the name of the user who will authenticate, and the user password.
- After the secure connection to the host has been established, a dialog box appears, displaying information about where on the host Reflection will upload this key. In most cases you do not need to change these settings. See the notes below for more information.
  The Upload Public Key dialog box displays information about the transfer.
- Click OK to close this dialog box.
Note:
- Keys uploaded to hosts running Reflection for Secure IT, F-Secure, and SSH Communications (SSH Tectia) servers are exported using RFC 4716 compliant format. By default these are installed to the user's .ssh2 directory and an appropriate Key entry is made in the authorization file. If this file did not previously exist, it is created and given appropriate file permissions.
- Keys uploaded to hosts running OpenSSH servers are exported using OPENSSH format. By default they are added to the authorized_keys file located in the user's .ssh directory. If this file did not previously exist, it is created and given appropriate file permissions.
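The two public key formats named in the notes above carry the same key blob in different wrappers. The following is an added example, not Reflection's own code: it converts between a single-line OpenSSH public key and the RFC 4716 file format, and rejects a key whose declared type does not match the type encoded in the blob. The function names are hypothetical and the sample key is constructed from dummy bytes.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def key_type_of(b64: str) -> str:
    """Return the algorithm name held in the first SSH string of the key blob."""
    blob = base64.b64decode(b64, validate=True)
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad length prefix in key blob")
    return blob[4:4 + n].decode("ascii")

def openssh_to_rfc4716(line: str) -> str:
    """Convert '<type> <base64> [comment]' (no options prefix) to RFC 4716."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    if key_type_of(parts[1]) != parts[0]:
        raise ValueError("key type does not match key blob")
    out = [BEGIN] + (['Comment: "%s"' % parts[2]] if len(parts) == 3 else [])
    out += [parts[1][i:i + 70] for i in range(0, len(parts[1]), 70)]  # <= 72 bytes
    return "\n".join(out + [END]) + "\n"

def rfc4716_to_openssh(text: str) -> str:
    """Convert an RFC 4716 public key file to one authorized_keys line."""
    lines = text.strip().splitlines()
    if len(lines) < 3 or lines[0].strip() != BEGIN or lines[-1].strip() != END:
        raise ValueError("missing RFC 4716 begin/end markers")
    comment, body, i = "", [], 1
    while i < len(lines) - 1:
        cur = lines[i].strip()
        if ":" in cur:  # header line; a trailing backslash continues it
            while cur.endswith("\\") and i < len(lines) - 2:
                i += 1
                cur = cur[:-1] + lines[i].strip()
            tag, value = cur.split(":", 1)
            if tag.lower() == "comment":
                comment = value.strip().strip('"')
        else:
            body.append(cur)
        i += 1
    b64 = "".join(body)
    return " ".join(filter(None, [key_type_of(b64), b64, comment]))

# Constructed sample: ssh-ed25519-shaped blob with dummy key bytes, not a real key.
_blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE = "ssh-ed25519 " + base64.b64encode(_blob).decode() + " user@client"
```

The converters handle a bare key line only; an authorized_keys entry that begins with options would need those stripped first.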
Change a User Key Passphrase
You can change the passphrase used to protect a user key.
To change the passphrase
- Open the Reflection Secure Shell Settings dialog box.
- Select the User Keys tab and select a key from the list.
- Select Change Passphrase.
  This button is not available if a key is not selected, or if you have selected a certificate managed by either the Reflection Certificate Manager or the Windows Certificate Manager.
Export a User Key
Use the procedure below to export your user keys to a new location and/or format.
Note: If you want to upload a public key to a Secure Shell server, you do not need to use this procedure. Use the Upload button to do this in a single step. Reflection automatically determines the correct key format for the server you specify. See Uploading Keys to the Server for more information.
To export a key
- Open the Reflection Secure Shell Settings dialog box.
- From the User Keys section, select a key and click Export. (This button is not available if no key is selected, or if you have selected a certificate managed by either the Reflection Certificate Manager or the Windows Certificate Manager.)
- Enter the passphrase for the selected key.
- (Optional)
  To                                       Do this
  Include the private key in the export    Select Export Private Key.
  Export the key in OpenSSH format         Select Save in OpenSSH format.
- From the Public Key Filename dialog box, specify a name and location for the exported key.
- Select Save.