Using an SSH Communications’ client key for a VShell SSH server is quite simple. Since VShell SSH servers accept the SSH Communications’ SSH2 key format, it is not necessary to convert SSH Communications’ keys to any other format, which saves valuable time and a lot of potential headache! VShell
3. From the client machine, connect to the VShell SSH server with the following syntax.
ssh2 <VShell Server> -p 22 -i identification -l <username on VShell server>
ssh <VShell Server> -p 22 -i OpenSSHPrivatekey -l <username on VShell server>
Using the previous example, with id_dsa_2048_a as the SSH Communications’ key and id_dsa_2048_a_Open as the converted OpenSSH client key, complete the following steps to authenticate to the VShell SSH server.
SSH Communications’ Client Key
ssh2 VshellServer -p 22 -i identification -l <username>
Enter passphrase for key ‘<username>:
Authenticated with partial success
Shreya@VshellServer’s password:
C:\
OpenSSH Convert Client Key
ssh VshellServer -p 22 -i id_dsa_2048_a_Open -l <username>
Enter passphrase for key ‘<username>:
Authenticated with partial success
Shreya@VshellServer’s password:
C:\
Notice that after the key is authenticated, VShell asks for a password on the VShell server. This happens only if both the password and public-key checkboxes are required on the VShell server. If public key was the only required authentication method, a password prompt would not occur; however, this is a great method of enforcing two-factor authentication, which should be required for management purposes.
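To confirm from the client side that the server really demands both factors, the OpenSSH client's verbose (-v) output can be checked for the partial-success sequence. The following is an added example, not part of the original text; the function name is hypothetical and both transcripts are constructed samples.

```python
import re

# Messages the OpenSSH client emits (with -v) during user authentication.
PARTIAL_RE = re.compile(r"Authenticated .*with partial success")
CONTINUE_RE = re.compile(r"Authentications that can continue: (\S+)")
SUCCESS_RE = re.compile(r"Authentication succeeded \(([\w-]+)\)")


def classify_login(verbose_log):
    """Report how many authentication steps the server demanded."""
    partial_steps = 0      # methods accepted but not yet sufficient
    remaining = []         # methods offered after the last partial success
    final_method = None    # method that completed the login
    for line in verbose_log.splitlines():
        if PARTIAL_RE.search(line):
            partial_steps += 1
        m = CONTINUE_RE.search(line)
        if m and partial_steps:
            remaining = m.group(1).split(",")
        m = SUCCESS_RE.search(line)
        if m:
            final_method = m.group(1)
    return {
        "logged_in": final_method is not None,
        "steps_passed": partial_steps + (1 if final_method else 0),
        "second_step_methods": remaining,
        "final_method": final_method,
    }


# Constructed sample: server requires public key AND password.
TWO_FACTOR_LOG = """\
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
Authenticated with partial success.
debug1: Authentications that can continue: password
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
"""

# Constructed sample: public key alone is sufficient.
KEY_ONLY_LOG = """\
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Authentication succeeded (publickey).
"""
```

A result with `steps_passed` of 1 on a management host means a single credential is enough to log in, so the two-factor requirement is not in force there.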
2. From the Menu bar, select Edit ➪ Settings.
3. In the Settings display, there should be a User Authentication section. Under the User Authentication section, there is a subcategory called Keys. Select the Keys subcategory.
4. At this point, you should see a screen similar to Figure 4.8.
5. To generate a new public and private-key pair, select the option that says Generate New...
6. The wizard should be displayed, describing the process of creating a key pair. After you have read the description, select Next.
7. The Key Properties screen should appear next. This screen gives you the option of selecting a DSA or RSA key type and the key length you would like to use. In general, the greater the key length, the stronger the security; however, the greater the performance hit you will have to accept. After selecting the type of key and the key length, select Next.
8. The Generation screen should appear next. This screen initiates the process of actually creating the key. The key-generation process can take several minutes. Once the process is completed, select Next.
9. The Enter Passphrase screen should appear next. This screen allows you to enter a name for the public and private-key pair, a comment for description purposes only, and a passphrase to protect the private key. Enter your preferred file name, such as your username, a comment, and a passphrase that is difficult to guess but easy to remember. After entering this information, select Next. (Note that if the passphrases do not match, the Next option will not be enabled. Make sure your passphrases match before attempting to select Next.)
10. The Finish screen should appear next. At this stage, the public and private keys have been generated and stored to your local machine. At this point, you have the option of uploading your public key to the SSH server if a valid connection currently exists. If a valid connection exists (meaning you connected to the SSH server before starting the key-generation procedure), select Upload Public Key; however, you will be uploading the key to multiple SSH servers later in this section, so select Finish and skip to Step 13 if you wish to skip this step.
Figure 4.8 Keys subcategory for SSH Communications’ SSH client.
11. After selecting Upload Public Key, a new display should appear. The display should contain the name of the public key, the destination folder on the SSH server where the key will be placed (most likely /home/user/.ssh2), and the authorization file to add the key to, such as authorization. After verifying that all the items are correct, select Upload.
12. After selecting Upload, you will see a successful completion of the upload, where you can select Finish; however, if you want to require the use of public keys only, you will have to go back and edit the sshd2_config file to require only the use of public keys and to delete password or host-based authentication. Also, if you receive an error in the upload process, the SSH server you are attempting to connect to is probably not an SSH Communications’ SSH server, so the key-converting process will have to be followed, listed as follows.
13. At this point, you should be redirected to the initial Key subcategory screen. To confirm that the keys have been generated appropriately, browse to Documents and Settings\<username>\Application Data\SSH\UserKeys. There should be both the public key (*.pub) and private key located in this folder. Also, the Key subcategory screen should appear with the newly generated key in the Keys field, as shown in Figure 4.9.
Figure 4.9 The private-key file name in SSH Communications’ SSH client.
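Step 12 calls for editing sshd2_config so that only public keys are accepted. The check below is an added example, not from the original text: it reads sshd2_config text and lists every non-public-key method that would still be enough to log in on its own. It assumes the AllowedAuthentications keyword lists alternatives, the RequiredAuthentications keyword lists methods that must all succeed, and publickey,password is the default; the function names and configuration fragments are constructed for illustration.

```python
# Assumed default when neither keyword is set: public key or password.
DEFAULT_ALLOWED = ["publickey", "password"]


def effective_auth(config_text):
    """Return (mode, methods) from sshd2_config text.

    mode "all": every listed method must succeed (RequiredAuthentications).
    mode "any": any one listed method is enough (AllowedAuthentications).
    """
    settings = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        parts = line.split(None, 1)           # keyword, then value
        if len(parts) == 2:
            # Keywords compared case-insensitively; a repeated keyword
            # overwrites the earlier value here (assumption).
            settings[parts[0].lower()] = [
                m.strip().lower() for m in parts[1].split(",") if m.strip()
            ]
    required = settings.get("requiredauthentications")
    if required:
        return "all", required
    return "any", settings.get("allowedauthentications", DEFAULT_ALLOWED)


def weak_single_methods(config_text):
    """Methods other than publickey that alone are enough to log in."""
    mode, methods = effective_auth(config_text)
    if mode == "all" and len(methods) > 1:
        return []   # several methods must all pass: no single one suffices
    return [m for m in methods if m != "publickey"]


# Constructed sshd2_config fragments.
BEFORE = """\
## Authentication
AllowedAuthentications    publickey,password
# RequiredAuthentications  publickey,password
"""
AFTER_KEY_ONLY = "AllowedAuthentications publickey\n"
TWO_FACTOR = "RequiredAuthentications publickey,password\n"
```

An empty list from `weak_single_methods` means a password or host-based credential alone no longer grants a session.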
After the creation process has been completed, the process of uploading the public key is next. The following section demonstrates how to upload an SSH Communications’ SSH client public-key and private-key pair to an SSH Communications’ SSH server, an OpenSSH server, and a VanDyke VShell SSH server.