Access PGP Universal Server 3.x using PuTTY
|Article:TECH149673|||||Created: 2009-12-21|||||Updated: 2012-08-14|||||Article URL http://www.symantec.com/docs/TECH149673|
To gain command line access to a PGP Universal Server, you will need to create an SSH key. You can do this using a utility such as PuTTYgen to create an SSH key and PuTTY to log in to the command line interface. This article details how to utilize PuTTYgen and PuTTY to access a PGP Universal Server.
PuTTY is a freeware suite of SSH tools. The PuTTY suite includes PuTTYgen, PuTTY, PSFTP, and Pageant the PuTTY authentication agent. The PuTTYgen and PuTTY.exe files are also available to be downloaded separately.
Accessing the PGP Universal Server command line for read-only purposes (such as to view settings, services, logs, processes, disk space, query the database, etc) is supported. However, performing configuration modifications or customizations via the command line may void your Symantec Support agreement unless the following procedures are followed.
Any changes made to the PGP Universal Server via the command line must be:
- Authorized in writing by Symantec Technical Support or published as an approved and documented process on the Symantec Knowledge Base.
- Implemented by a Symantec Partner, reseller or Symantec Technical Support.
- Summarized and documented in a text file in /var/lib/ovid/customization on the PGP Universal Server itself.
Note: Changes made through the command line may not persist through reboots and may be incompatible with future releases. Symantec Technical Support may also require reverting any custom configurations on the PGP Universal Server back to a default state when troubleshooting new issues.
To create an SSH keypair using PuTTYgen
These steps assume the entire suite of PuTTY utilities is installed on the computer. The following steps may also be performed using the separately downloaded PuTTYgen.exe and PuTTY files.
- Open PuTTYgen from the Start menu.
- Confirm the Parameters (at the bottom of the PuTTY Key Generator window) for the type of key to generate. The parameters of the key must utilize one of the SSH2 options. We recommend that you choose SSH-2 RSA (the default). Set the Number of bits to 2048
- Create a key pair by clicking on the Generate button in the Actions section. Generate some randomness for the key by moving the mouse over the blank area.
- After the key generation is complete, copy the public key block from PuTTY window into PGP Universal Server admin account by performing the following:
- Copy the public key from the clipboard window in the PuTTY Key Generator where it says "Public key for pasting into OpenSSH authorized_keys file:"
- Log in as a superuser to the PGP Universal Server admin interface.
- Select the System > Administrators card then click on a superuser account. Please note: It does require them to be a superuser administrator to use SSH access. Other roles are not supported.
- Click the plus + sign at the end of the SSHv2 Key line. This will bring up a window that displays Update SSH Public Key.
- Click the Import Key Block radio button and paste the public key block that you just generated with PuTTYgen directly into this block and click the Import button.
- After you upload the key block you will notice the hex fingerprint of the key will now show up in SSHv2 Key line. You can verify that the fingerprint matches the fingerprint found in the Key fingerprint line on PuTTY Key Generator to verify that the key was imported succesfully
- Click Save and close the administrative interface.
- Next go back to your desktop and save the public and private key within PuTTYgen.
Note: The minimum key size when generating a key is 1024 bit. Intermittently PuTTYgen may generate a 1024 bit key as a 1023 bit key due to a bug in PuTTYgen. Thereby causing the key not to work properly. The best practice is to generate a key of at least 1025 bit to avoid the potential problem. We recommend generating a key 2048 bit in length to solve this issue.
Access the PGP Universal Server using PuTTY
Use the following steps to access the command line interface.
- Open PuTTY from the Start menu.
- Enter the PGP Universal Server hostname (keys.domain.com) or IP address in the hostname field
- If not already entered, change the Port field to use port 22.
- Select the SSH radio button as the protocol.
- Click Auth (under Category>Connection>SSH)
- Browse to the private key and add the file that you saved and click Open to start a session. You will be prompted to enter a username.
- Type: root and press enter.
Article URL http://www.symantec.com/docs/TECH149673