SSH Authentication Options


You can enable authentication in two ways: interactively using the Design Tool, or using model variables in the Session Server and Design Tool.

To authenticate using model variables, see Using Model Variables for SSH Authentication. This is the preferred option.

If you have not configured authentication using model variables in the Design Tool, you are prompted to specify the authentication values:

Password

Specify the login username and password for that user on the SSH server host. The password is sent to the host through the encrypted channel.

Public key and Private key

Specify the username, passphrase, and location of the public and private key files.

This method relies upon public/private key pairs. Public keys and private keys are pairs of cryptographic keys that are used to encrypt or decrypt data. Data encrypted with the public key can only be decrypted with the private key, and data encrypted with the private key can only be decrypted with the public key.

To configure public key authentication, each client user needs to create a key pair and upload the public key to the server. If the key is protected by a passphrase, the client user is prompted to enter that passphrase to complete the connection using public key authentication. Public keys are not sensitive information and may be known to anybody, whereas the private key is protected very carefully by a strong passphrase.

If you are using the ssh-keygen utility to create the private and public key for SSH, be aware that newer ssh-keygen versions generate private keys in an OpenSSH format by default. This format is not supported by VHI. The public/private key pair must be in PEM format. Verify that the header of the private key contains the text RSA PRIVATE KEY.

You can use ssh-keygen to convert keys from the OpenSSH private key format to the old PEM format. Use the command ssh-keygen -m PEM -t rsa to generate the files id_rsa and id_rsa.pub in the correct format.

SSH agent

Specify the username.

The SSH agent is a program that holds private keys used for public key authentication (RSA, DSA). Host Integrator connects to the agent for authentication.

The SSH agent:

If you plan to authenticate using public keys, before you configure Host Integrator:

  1. Verify that the SSH agent you are using is available and configured on either your Windows or Unix system.
  2. Start the SSH agent and specify the location of the private key file. If the keys require a passphrase, enter it as well. The agent is now running as a daemon in the background.

The key data must be in OpenSSH format. Remove any new lines, comments, or other data. Whatever tool you use to create the private key must also be used to export the key to OpenSSH format.

If the public key is in SSH2 (SECSH) format, run the following OpenSSH command to convert the certificate from SSH2 to OpenSSH:

ssh-keygen -i -f ~/.ssh/id_dsa.ssh2.pub > ~/.ssh/id_dsa.pub
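
The following is an added example, not part of the product documentation or tooling: a shell check that classifies a key file by its first line, so that an OpenSSH-format private key or an SSH2-format public key is caught before it is configured. The function names and sample files are assumptions made for illustration. The sample files contain header lines only, and the Proc-Type test relies on the standard header of passphrase-protected PEM keys.

```shell
#!/bin/sh
# Added example (not product code): classify a key file by its first line.

# key_format FILE -> prints pem-rsa-private | pem-rsa-private-encrypted |
#                    openssh-private | ssh2-public | openssh-public | unknown
key_format() {
    [ -r "$1" ] || { echo "unreadable"; return 1; }
    first=$(sed -n '1p' "$1" | tr -d '\r')   # tolerate CRLF line endings
    case "$first" in
        "-----BEGIN RSA PRIVATE KEY-----")
            # A passphrase-protected PEM key has a Proc-Type header on line 2.
            if sed -n '2p' "$1" | grep -q '^Proc-Type: 4,ENCRYPTED'; then
                echo "pem-rsa-private-encrypted"
            else
                echo "pem-rsa-private"
            fi ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo "openssh-private" ;;
        "---- BEGIN SSH2 PUBLIC KEY ----")     echo "ssh2-public" ;;
        ssh-rsa\ *|ssh-dss\ *)                 echo "openssh-public" ;;
        *)                                     echo "unknown" ;;
    esac
}

# pem_private_ok FILE -> exit status 0 only for a PEM RSA private key.
pem_private_ok() {
    case "$(key_format "$1")" in
        pem-rsa-private*) return 0 ;;
        openssh-private)
            echo "$1: OpenSSH private key format; generate with ssh-keygen -m PEM -t rsa" >&2 ;;
        *)  echo "$1: no RSA PRIVATE KEY header" >&2 ;;
    esac
    return 1
}

# Constructed sample files: header lines only, no real key material.
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' > "$1/pem_enc"
    printf '%s\r\n' '-----BEGIN RSA PRIVATE KEY-----' 'MIIE...' > "$1/pem_plain"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$1/openssh"
    printf '%s\n' '---- BEGIN SSH2 PUBLIC KEY ----' > "$1/ssh2.pub"
    printf '%s\n' 'ssh-rsa AAAA...constructed user@host' > "$1/id_rsa.pub"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in "$demo_dir"/*; do
    printf '%-12s %s\n' "$(basename "$f")" "$(key_format "$f")"
done
rm -rf "$demo_dir"
```

The check reads only the header lines, so it never prints or copies private key material.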

On each of the authentication dialog boxes you can enable the option Remember values. When selected, the values you entered are assigned to the associated model variables.

 

Related Topics
Using SSH: Overview
Using Model Variables for SSH Authentication
Public Key Authentication
Configuring a VT session
Advanced VT SSH Options