action.skip

Configure User Key Authentication

Public key user authentication is an optional feature of the Secure Shell protocol. To configure user authentication, you must use X Manager to configure user keys and then configure the Secure Shell Server to accept these keys.

To create new user keys

  1. Launch X Manager or X Manager for Domains.

  2. From the Tools menu, select Secure Shell User Keys.

  3. By default Reflection X Store is selected under User Key Sources.

    • To store keys in the Reflection X database, leave this option selected.

    • To store keys in a local directory, click the plus sign (+) and select Add local directory. For Directory, enter or browse to the local directory. Because this location contains a user's private keys it should be a location that is readable only by the user who authenticates with these keys.

  4. Click Generate.

  5. Specify a name that identifies the key pair you are creating.

  6. (Optional) Change the key algorithm type and/or key length.

  7. Enter a passphrase for this key. You will need to enter this passphrase when the key is used for authentication.

    note

    A passphrase is similar to a password, except it can be a phrase with a series of words, punctuation, numbers, white space, or any string of characters. Passphrases improve security by limiting access to secure objects, such as private keys and/or a key agent.

    caution

    To help ensure security, all user keys should be passphrase protected. If you don't specify a passphrase, the private key is stored in unencrypted form in the key store, and anyone who gains access to the key can authenticate using it. In standalone mode keys are stored on the same computer as X Manager. In domain mode, keys in the Reflection X Store are stored in the database on the domain controller and the administrator of that computer will be able to read these keys.

  8. Retype the passphrase.

  9. Click OK.

    The key is added to the selected key store.

To add an existing key to your key store

  1. In the Secure Shell User Keys dialog box, click Import.

    note

    If you are using a local directory, it is possible to copy keys manually to your directory, but using the Import feature is recommended because Reflection X sets correct permissions on imported keys and ensures that the key uses a supported file format.

  2. Browse to locate the key you want to add.

  3. For File passphrase enter the passphrase that currently protects the file. This is required to decrypt the file and import the key.

  4. Specify a Key name to identify this key in the User Keys list.

  5. Enter a value for Key passphrase. This can be the same as the original file passphrase or different.

  6. Click Import.

To configure the host

  1. From the X Manager Secure Shell User Keys dialog box, select the key you just created, and then click Export.

  2. Specify the name and location you want to use for the exported public key file.

  3. Specify a key file format. Two formats are available. SecSH format is used by Reflection products, F-Secure, and SSH Corporation. OpenSSH format is used in OpenSSH implementations.

  4. Click Export.

  5. Copy the public key you just exported to the public key location used by the Secure Shell server running on the host. Configure the server to allow public key authentication and to accept this key.

    Procedures for doing this vary between Secure Shell servers. For details, refer to your Secure Shell server documentation.

    note

    In the context of the Secure Shell protocol, Reflection X—an X server—acts as a client. The Secure Shell server resides on the same host that's running the X client application. Reflection X runs as a Secure Shell client that must authenticate the Secure Shell server, and must authenticate to this server as a client.

More information