HOW TO: Create and import an SSH key to PGP Universal Server 2.x

Article:TECH149003  |  Created: 2007-03-20  |  Updated: 2011-03-22  |  Article URL http://www.symantec.com/docs/TECH149003
Article Type
Technical Solution


Issue



This answer provides step-by-step instructions for creating and importing an SSH (Secure Shell) key for the PGP Universal Server "SuperUser" Administrator.

 


Solution




One of the unique privileges of the PGP Universal Server SuperUser Administrator is the ability to import an SSHv2 public key, whose corresponding private key can then be used to authenticate a remote SSH session. This allows the SuperUser Administrator to establish root command-line access to his or her PGP Universal Server, which facilitates various administrative tasks that cannot otherwise be performed through PGP Universal Server's browser-based administration console.

Follow the instructions below to create and import an SSH key for a SuperUser Administrator in your PGP Universal Server(s).
 

Warning: Establishing root access to your PGP Universal Server(s) may violate your support warranty with PGP Corporation, and could lead to system instability. You should not establish root access to your PGP Universal Server(s) unless directed to do so by Technical Support.

Any changes made to the PGP Universal Server via the command line must be: 

  • Authorized in writing by Symantec Technical Support or published as an approved and documented process on the Symantec Knowledge Base.
  • Implemented by a Symantec Partner, reseller or internal employee who is certified in the PGP Advanced Administration and Deployment Training.
  • Summarized and documented in a text file in /etc/pso on the PGP Universal Server itself.


Changes made through the command line may not persist through reboots and may be incompatible with future releases. PGP Support may also require reverting any custom configurations on the PGP Universal Server back to a default state when troubleshooting new issues.


 Create an SSHv2 keypair

Many tools can be used to create SSH keys; this answer provides instructions for a tool called PuTTYgen (version 0.59). PuTTYgen, short for "PuTTY Key Generator", is part of PuTTY: a free client program (distributed under the MIT license) for various remote-access network protocols, including SSH. If you would like to use PuTTYgen to create an SSH key, download it from the following link:

PuTTY - Download the PuTTY and PuTTYgen utilities.

1. Launch PuTTY Key Generator by double-clicking puttygen.exe.

2. In the Parameters section at the bottom, select SSH-2 RSA or SSH-2 DSA for the type of key to generate (PGP Universal Server will not accept an SSHv1 key).

3. Set the number of bits in the generated key to at least 2048.

4. Click Generate to begin generating your SSH key.

5. Randomly move your mouse inside the Key section until the progress bar is completely full.

6. After the key has been generated, enter and confirm a passphrase for the key.

7. Click Save private key and save the private key to a file location (you'll need this private key file to authenticate your SSH session later).

8. Do not click Save public key; doing so changes the key material in such a way that it cannot be imported into PGP Universal Server later. Instead, save the public key by doing the following:

   a. Copy the public key directly from the PuTTY Key Generator window (highlight the entire public key, then right-click on it and select Copy).

   b. Open a text editor (such as Notepad) and paste the public key (right-click inside the text editor and click Paste).

   c. As with the private key, save the public key to a location you won't forget.

 

Import the public key to PGP Universal Server

1. Log in to the PGP Universal Server administration console as a SuperUser.

2. Select the Users>Administrators card and click your SuperUser account.

3. Click the Add SSHv2 Key button to the right of the SSHv2 Key field.

4. Browse to your SSH public key file (or copy/paste its key block) and click Import.

5. Click Save to close the Administrator Settings window.

 

Note: When accessing the PGP Universal Server via the command line using an SSH key, you will need to use root as the login user.

 

Access the PGP Universal Server using PuTTY

Use the following steps to access the command line interface. 

  1. Open PuTTY from the Start menu.
  2. Enter the PGP Universal Server hostname (keys.domain.com) or IP address in the hostname field.
  3. If not already entered, change the Port field to use port 22.
  4. Select the SSH radio button as the protocol.
  5. Click Auth (under Category>Connection>SSH).
  6. Browse to the private key file that you saved, add it, and click Open to start a session. You will be prompted to enter a username.
  7. Type: root and press Enter.

 

  • If your public key is not accepted by the PGP Universal Server when you paste it in from the PuTTYgen window, make sure you are not accidentally adding whitespace when pasting the key block. If it still doesn't work, go through the entire key generation process again. In PuTTYgen, make sure you have selected SSH-2 at the very bottom for the type of key to generate.
  • The first time you log on to a PGP Universal Server with PuTTY, you will be given a security warning. This is normal; just click Yes and proceed as above.
  • Saving your session for future use:

    You may want to go back to the (Category->session) tab and type a descriptive name in the box directly under the words Saved Sessions. If you do this and click Save you will notice that the name you typed appears in the larger box as a Saved Session. Now you will be able to access your configured logon for this PGP Universal Server in the future just by double-clicking on the saved session name.
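
An added example (not part of the original article or of PuTTY): a Python check for the saved public key file, covering the two import failures described above, namely a key written with Save public key instead of copied from the window, and whitespace introduced while pasting. It assumes the server expects the one-line form shown in the PuTTYgen window; `check_pubkey`, `fields` and `sample_rsa_line` are hypothetical names, and the sample key is constructed, not a usable key.

```python
import base64
import struct

ALLOWED = {"ssh-rsa", "ssh-dss"}   # SSH-2 RSA / SSH-2 DSA, as in step 2
MIN_BITS = 2048                    # minimum size, as in step 3

def fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, i = [], 0
    while i < len(blob):
        if i + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[i:i + 4])
        i += 4
        if i + n > len(blob):
            raise ValueError("field runs past end of blob")
        out.append(blob[i:i + n])
        i += n
    return out

def check_pubkey(text):
    """Return a list of problems; an empty list means the key looks importable."""
    if "BEGIN SSH2 PUBLIC KEY" in text:
        return ["RFC 4716 block (PuTTYgen 'Save public key' output), not the one-line form"]
    lines = [l for l in text.splitlines() if l.strip()]
    if len(lines) != 1:
        return ["expected exactly one line; the paste was wrapped or split"]
    parts = lines[0].split()
    if len(parts) < 2 or parts[0] not in ALLOWED:
        return ["line must start with ssh-rsa or ssh-dss followed by base64 data"]
    try:
        f = fields(base64.b64decode(parts[1], validate=True))
    except ValueError as e:        # binascii.Error is a ValueError subclass
        return ["key data is damaged: %s" % e]
    if not f or f[0] != parts[0].encode():
        return ["algorithm name inside the blob does not match the prefix"]
    # ssh-rsa fields: name, e, n.  ssh-dss fields: name, p, q, g, y.
    idx = 2 if parts[0] == "ssh-rsa" else 1
    if len(f) <= idx:
        return ["key blob is missing fields"]
    bits = int.from_bytes(f[idx], "big").bit_length()
    return [] if bits >= MIN_BITS else ["key is %d bits, below %d" % (bits, MIN_BITS)]

def sample_rsa_line(bits):
    """Constructed sample input: a well-formed ssh-rsa line, not a usable key."""
    s = lambda b: struct.pack(">I", len(b)) + b
    mp = lambda v: v.to_bytes(v.bit_length() // 8 + 1, "big")  # mpint encoding
    blob = s(b"ssh-rsa") + s(mp(65537)) + s(mp((1 << (bits - 1)) | 1))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"
```

Run `check_pubkey(open(path).read())` on the text file saved in step 8c before importing it; any returned message names the first problem found.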


 



Legacy ID



718

