System Configuration - SSL and SSH - SSH - Client Keys - Import

Some users may be able to provide their SSH key fingerprints in advance. For example, most *nix users can run the "ssh-keygen -l" command to display their SSH key fingerprint.

sshenduser@slackwarelinux:~$ ssh-keygen -l
Enter file in which the key is (/home/sshenduser/.ssh/id_rsa):
1024 67:df:5d:34:b3:d3:1b:8e:4b:20:6c:24:a3:df:23:cc /home/sshenduser/.ssh/id_rsa.pub

In other cases, users may only provide the public key itself. To manually add MD5 fingerprints or public keys provided by an end user, go to the User Profile page and click on the "SSH Policy" link.

Then, scroll down to the "Current SSH Keys" section and click on "Add (manually)".

Next, type (or preferably paste) the fingerprint or the SSH client's entire public key into the text box provided.

If a valid key was provided, MOVEit DMZ will display a success message and list the key in the "Current SSH Keys" section. A single user may be associated with multiple SSH keys; this is especially useful if a user connects with the same username from multiple machines.
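When a user supplies both a fingerprint and a public key, the two can be checked against each other before either is entered. The following Python sketch is an added example, not part of MOVEit DMZ or its documentation; the function names are hypothetical and the sample key is constructed. It derives the colon-separated MD5 fingerprint from an OpenSSH-format public key line and rejects a key whose body does not match its declared type.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte big-endian length + data)."""
    return struct.pack(">I", len(data)) + data


def parse_public_key(line: str):
    """Return (key_type, blob) from an OpenSSH '<type> <base64> [comment]' line."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)  # raises ValueError if damaged
    # The blob starts with a length-prefixed copy of the key type. A mismatch
    # usually means the key was truncated or altered when it was copied.
    name_len = int.from_bytes(blob[:4], "big")
    if blob[4:4 + name_len] != key_type.encode("ascii", "replace"):
        raise ValueError("declared key type does not match key blob")
    return key_type, blob


def md5_fingerprint(blob: bytes) -> str:
    """MD5 of the decoded key blob as 16 colon-separated hex pairs."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches(line: str, claimed: str) -> bool:
    """True if the key on `line` has the fingerprint the user reported."""
    claimed = claimed.strip().lower()
    if claimed.startswith("md5:"):  # newer ssh-keygen output prefixes "MD5:"
        claimed = claimed[4:]
    return md5_fingerprint(parse_public_key(line)[1]) == claimed


def sample_key_line() -> str:
    """Constructed sample: structurally valid ssh-rsa blob with a dummy modulus."""
    blob = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
            + _ssh_string(b"\x00" + b"\xc3" * 128))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " sshenduser@example"


if __name__ == "__main__":
    line = sample_key_line()
    print(md5_fingerprint(parse_public_key(line)[1]), matches(line, "00:11"))
```

Recent OpenSSH releases print SHA256 fingerprints by default; "ssh-keygen -l -E md5 -f <keyfile>" prints the MD5 form used on this page.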

As an alternative, if you have the SSH key in a file on your PC, you can upload it directly by clicking on "Import". Enter or browse to the SSH key file and press the "Import SSH Key" button. A successfully imported key will be listed in the "Current SSH Keys" section.

Finally, to make sure the key will be solicited from the SSH client and/or that the key will be a required credential, see the "Edit SSH Policy" section and check the appropriate boxes.

If you plan on using OpenSSH in batch mode, you should use the following settings: require_key = yes, require_pass_with_key = no. If you want to enforce "two-factor" authentication, enable both of the following settings: require_key = yes, require_pass_with_key = yes.

For detailed information about configuring the SSH Keys policy, please also see the Interface Policy documentation page.