HOW TO: Create and Import an SSH key to the PGP Universal Server 2.x using Mac OS X

Article:TECH149294  |  Created: 2009-02-25  |  Updated: 2012-08-14  |  Article URL http://www.symantec.com/docs/TECH149294
Article Type
Technical Solution


Issue



This article details the steps to set up SSH access to a PGP Universal Server 2.x using Mac OS X.

 


Solution



A SuperUser Administrator account has the ability to import an SSHv2 public key. The corresponding private key can then be used to authenticate remotely via an SSH session.

This enables an administrator to establish root, command-line access to the PGP Universal Server, allowing you to perform various administrative tasks that cannot otherwise be performed through the server's browser-based administrative interface.
 

Warning: Establishing root access to your PGP Universal Server(s) may violate your support warranty with Symantec Corporation, and could lead to system instability. You should not establish root access to your PGP Universal Server(s) unless directed to do so by Symantec Technical Support.


Use the instructions below to create and import an SSH key for a SuperUser Administrator account when using a Mac.

Since Mac OS X systems include an implementation of OpenSSH, you should not need to install any additional software to create an SSH key.

To Create an SSH key: 

  1. Open the Terminal program.
  2. Generate an SSH key by typing ssh-keygen -t rsa

    When prompted for a location, press Enter to save the key in the default location.

    ~/.ssh (/users/useraccount/.ssh)

     
  3. When prompted, enter and confirm the passphrase to protect the private portion of the key.
  4. The keys are created in the ~/.ssh/ directory, with the private key named id_rsa and the public key
    named id_rsa.pub.
  5. Type cd ~/.ssh to switch to that directory.

 

To Import an SSH key: 

  1. Log into the PGP Universal Server administrative interface.
  2. Click the Users card then select Administrators.
  3. Select the SuperUser administrator to which you want to add an SSH key.
  4. Click the Plus sign icon next to SSHv2 Key:. The Update SSH Public Key is displayed.
  5. In the Terminal window on the Mac, type ls to view all of the files in the ~/.ssh directory. The files for the keys created previously are listed.
  6. Type cat id_rsa.pub (or the name you specified for your key). The key block for your key is displayed. The key block is similar to the key block below.

    ssh-rsa
    dk3jfldB3NzaC1yc2EAAAABIwAAAQEArtQklkLrHVOu2ztjcwbNMDxWBIYEZDReKgquI5/cbHP3Y6frvj/5fQmZifmlzQ
    54Z1yFotaeIcmx/8OPcwXi7AI32BPiNn1lZQNl2dnC+cCmxhYIkG2D8OCQc9npuXuamRJXTwDW6/ZfR1upeU/HywQ2wFu
    Lt974IUja31ewVZKLZV9h+fIiUlJLnPRuIzkcSZ2BExF89aYOa0CMBTTACDAHodqRGCTwMTgDbbU8t3vhUe74TIiHAUpK
    zX4X6aUoak1fmzITqNfnhYnXENZrGFIVzxL+LytFyE2dHbrTEiAE/QshMVSsvshMZFbq0jmd0n 6dfjk3lsatL3HEjp==


     
  7. Copy the entire key block.
  8. On the server in the Update SSH Public Key, select the Import Key Block radio button and paste the key block into the window.
  9. Click the Import button. Your SSHv2 key is displayed on the SuperUser account.
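
Before copying the key block in step 7, the key files can be checked from the same Terminal window. The script below is an added example, not part of the original article; the function names and the script name preimport.sh are assumptions.

```shell
#!/bin/sh
# Added example: checks to run before pasting id_rsa.pub into the import form.

# check_pubkey FILE: succeed only if FILE is a one-line OpenSSH RSA public key.
check_pubkey() {
    pub=$1
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Pasting the private key into a web form would disclose it.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub contains a private key; use the .pub file" >&2
        return 1
    fi
    # A public key is a single line; more lines mean it was wrapped or edited.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "$pub is not one line" >&2; return 1; }
    ktype=$(awk 'NF { print $1; exit }' "$pub")
    blob=$(awk 'NF { print $2; exit }' "$pub")
    [ "$ktype" = "ssh-rsa" ] || { echo "key type is '$ktype', not ssh-rsa" >&2; return 1; }
    # The base64 data of an ssh-rsa key encodes the type name first, so it
    # always begins with AAAAB3NzaC1yc2E.
    case $blob in
        AAAAB3NzaC1yc2E*) return 0 ;;
        *) echo "key data is not an ssh-rsa blob" >&2; return 1 ;;
    esac
}

# check_privkey_mode FILE: succeed only if group and others have no access.
check_privkey_mode() {
    key=$1
    [ -f "$key" ] || { echo "no private key at $key" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$key is open to other users; chmod 600 it" >&2; return 1; }
}

# preimport_check [PRIVATE_KEY]: run both checks, then show the fingerprint.
preimport_check() {
    key=${1:-$HOME/.ssh/id_rsa}
    check_privkey_mode "$key" || return 1
    check_pubkey "$key.pub" || return 1
    ssh-keygen -l -f "$key.pub"
}

# Run only when a key path is given, e.g.: sh preimport.sh ~/.ssh/id_rsa
if [ $# -gt 0 ]; then preimport_check "$1"; fi
```

The fingerprint printed by ssh-keygen -l identifies the key and can be recorded alongside the administrator account it was imported for.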

After importing an SSHv2 key to a SuperUser account, you can access the server via SSH by typing the following:

ssh root@keys.domain.com

Then enter the passphrase for your key.

Accessing the PGP Universal Server command line for read-only purposes (such as to view settings, services, logs, processes, disk space, query the database, etc.) is supported. However, performing configuration modifications or customizations via the command line may void your Symantec Support agreement unless the following procedures are followed.

Any changes made to the PGP Universal Server via the command line must be: 

  • Authorized in writing by Symantec Technical Support or published as an approved and documented process on the Symantec Knowledge Base.
  • Implemented by a Symantec Partner, reseller or Symantec Technical Support.
  • Summarized and documented in a text file in /var/lib/ovid/customization on the PGP Universal Server itself.

Changes made through the command line may not persist through reboots and may be incompatible with future releases. Symantec Technical Support may also require reverting any custom configurations on the PGP Universal Server back to a default state when troubleshooting new issues.


Legacy ID



1204

