Generating a New Key

Warning:  A given user can only have one SSHClosed The SSH (secure shell) protocol provides for secure connections between computers. It provides several options for authentication, including public key, and protects the communications with strong encryption. key pairClosed In asymmetric cryptography, public keys are used together in a key pair with a private key. The private key is retained by the key's creator while the public key is widely distributed to any user or target needing to interact with the holder of the private key. in Keyfactor Command. Generating a new key pair removes the existing key pair from Keyfactor Command, if one exists. This means any mappings between the Keyfactor user and Linux logon accounts will be updated with the public keyClosed In asymmetric cryptography, public keys are used together in a key pair with a private key. The private key is retained by the key's creator while the public key is widely distributed to any user or target needing to interact with the holder of the private key. from the new key pair. This essentially invalidates the user's previous private keyClosed Private keys are used in cryptography (symmetric and asymmetric) to encrypt or sign content. In asymmetric cryptography, they are used together in a key pair with a public key. The private or secret key is retained by the key's creator, making it highly secure. for servers managed with the Keyfactor Bash OrchestratorClosed The Bash Orchestrator, one of Keyfactor's suite of orchestrators, is used to discover and manage SSH keys across an enterprise.. Although the Generate button is not active for users who already have a key pair, the Rotate button will also remove the existing key pair.

To generate a new SSH key pair:

  1. In the Management Portal, browse to SSH > My SSH Key.
  2. On the My SSH Key page, click Generate.

    Figure 299: Generate an SSH Key Pair

  3. In the Key Information section of the Generate dialog, select a Key Type in the dropdown (see Key Type).
  4. In the Key Information section, select a Key Length in the dropdown (see Key Length). The available key lengths will vary depending upon the option selected in the Key Type dropdown.
  5. In the User Information section, confirm that the displayed Username matches the Active Directory user name you wish to associate with your key. This field defaults to your logged in username and cannot be edited.
  6. In the User Information section, enter an Email address. This address is used for key rotation alerts (see Key Rotation Alerts). This field is required.
  7. In the User Information section, enter a Passphrase to encrypt the downloaded copy of the private key of the key pair. You will need to provide this passphrase again when you use the private key to connect via SSH. By default, the minimum password length is 12 characters (see the SSH Key Password setting in Application Settings: SSH Tab). This field is required.
    Tip:  Your private key downloads immediately at the conclusion of the generation process, encrypted with this passphrase. You may later download the private key again from this same page and encrypt it with a different passphrase, if desired.
  8. In the Key Comment section, enter a Comment to include with the key. This field is optional.
    Tip:  Although entry of an email address in the comment field of an SSH key is traditional, this is not a required format. The comment may contain any characters supported for string fields, including spaces and most punctuation marks.
  9. Click Save to create the key pair.
Tip:  Once the key pair is generated, the user needs to download the private key as an encrypted file and store it locally and an administrator needs to use Keyfactor Command to associate the user's Keyfactor user account with his or her Linux logon account on the target server that the user wishes to access via SSH. After this is complete and the orchestratorClosed Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores. has published the user's public key to the target server, the user may connect via SSH to the target server using the new private key for authentication. For more information, see SSH.