HOW TO: Create and import an SSH key to PGP Universal Server 3.x
|Article:TECH149003|||||Created: 2007-03-20|||||Updated: 2014-09-11|||||Article URL http://www.symantec.com/docs/TECH149003|
This answer provides step-by-step instructions for creating and importing an SSH (Secure SHell) key for the PGP Universal Server "SuperUser" Administrator.
One of the unique privileges of the PGP Universal Server SuperUser Administrator is the ability to import an SSHv2 public key, whose corresponding private key can then be used to authenticate a remote, SSH session. This allows the SuperUser Administrator to establish root, command-line access to his or her PGP Universal Server, which facilitates various administrative tasks that cannot otherwise be performed through PGP Universal Server's browser-based administration console.
Follow the instructions below to create and import an SSH key for a SuperUser Administrator in your PGP Universal Server(s).
Warning: Establishing root access to your PGP Universal Server(s) may violate your support warranty with PGP Corporation, and could lead to system instability. You should not establish root access to your PGP Universal Server(s) unless directed to do so by Technical Support.
Any changes made to the PGP Universal Server via the command line must be:
Create an SSHv2 keypair
There are many tools that can be used to create SSH keys, however this answer provides instructions and screenshots for using a tool called PuTTYgen (version 0.59). PuTTYgen, short for "PuTTY Key Generator", is part of PuTTY: a free, client program (distributed under the MIT license) for various remote-access network protocols, including SSH. If you would like to use PuTTYgen to create an SSH key, click the following link to download it:
PuTTY - Download the PuTTY and PuTTYgen utilites.
1. Launch PuTTY Key Generator by double-clicking puttygen.exe.
2. In the Parameters section at the bottom, select SSH-2 RSA or SSH-2 DSA for the type of key to generate (PGP Universal Server will not accept an SSHv1 key).
3. Set the number of bits in the generated key to at least 2048.
4. Click Generate to begin generating your SSH key.
5. Randomly move your mouse inside the Key section until the progress bar is completely full.
6. After the key has been generated, enter and confirm a passphrase for the key.
7. Click Save private key and save the private key to a file location (you'll need this private key file to authenticate your SSH session later).
8. Do not click Save public key doing so changes the key material in such a way that it cannot be imported into PGP Universal Server later. Instead, save the public key by doing the following:
a. Copy the public key directly from the PuTTY Key Generator window (highlight the entire public key, then right-click on it and select Copy).
b. Open a text editor (such as Notepad) and paste the public key (right-click inside the text editor and click Paste).
c. As with the private key, save the public key to a location you won't forget.
Import the public key to PGP Universal Server
1. Login to the PGP Universal Server administration console as a SuperUser.
2. Select the System>Administrators card and click your SuperUser account.
3. Click the + sign, Add SSHv2 Key button to the right of the SSHv2 Key field.
4. Browse to your SSH public key file (or copy/paste its key block) and click Import.
5. Click Save to close the Administrator Settings window.
|Note: When accessing the PGP Universal Server via the command line using an SSH key, you will need to use root as the login user.|
Access the PGP Universal Server using PuTTY
Use the following steps to access the command line interface.
- Open PuTTY from the Start menu.
- Enter the PGP Universal Server hostname (keys.domain.com) or IP address in the hostname field
- If not already entered, change the Port field to use port 22.
- Select the SSH radio button as the protocol.
- Click Auth (under Category>Connection>SSH)
- Browse to the private key and add the file that you saved and click Open to start a session. You will be prompted to enter a username.
- Type: root and press Enter.
Article URL http://www.symantec.com/docs/TECH149003