My SSH Key

On the My SSHClosed The SSH (secure shell) protocol provides for secure connections between computers. It provides several options for authentication, including public key, and protects the communications with strong encryption. Key page, any user with the SSH User Keyfactor Command role permission (see SSH Permissions) can generate an SSH key pairClosed In asymmetric cryptography, public keys are used together in a key pair with a private key. The private key is retained by the key's creator while the public key is widely distributed to any user or target needing to interact with the holder of the private key. for himself or herself. If the user has previously generated a key pair through Keyfactor Command, it will be displayed here. In this interface a user can view only his or her own key pair; keys for any other Keyfactor Command users are not accessible.

Example:  An administrator wants to provision new user Zed Adams and grant him access to login via secured SSH using PuTTY to three Linux servers controlled by the Keyfactor Bash OrchestratorClosed The Bash Orchestrator, one of Keyfactor's suite of orchestrators, is used to discover and manage SSH keys across an enterprise.. The servers are set to both inventory and publish policy. To accomplish this, the administrator:
  1. Adds Zed's AD account to the AD group that grants him the SSH User role permission in Keyfactor Command and allows him to login to the Management Portal.
  2. Directs Zed to login to the Management Portal, go to the My SSH Key page and generate a new key pair (see Generating a New Key). She instructs him to enter the following information in the form:
  3. Instructs Zed to download the SSH private key and use the PuTTY Key Generator tool to open the key and convert it to the PuTTY format:
    1. Click Load and browse to locate the downloaded private key. This key is named something like SSH-Key-KEYEXAMPLE-zadams.identity.
    2. In the Parameters section of the page, select Ed25519 as the type of key to generate.
    3. Click Save private key and save the private key in the PuTTY format (*.ppk) in a safe location on the local machine.

    Figure 295: Use PuTTY Key Generator to Convert Zed's Private Key

  4. Uses the Keyfactor Command Management Portal to create Linux logons for Zed on each of the three servers that Zed should have access to and map Zed's new public keyClosed In asymmetric cryptography, public keys are used together in a key pair with a private key. The private key is retained by the key's creator while the public key is widely distributed to any user or target needing to interact with the holder of the private key. to these three logons (see Editing Access to an SSH Server Group).

    Figure 296: Create Logons and Mappings for Zed

    Note:  The three servers that Zed needs access to are in a server group so the administrator can create Zed's logons and map his key using the Access Management option on the Server Group page. If the servers were in different server groups or the server group contained servers to which Zed should not have access, the administrator would need to create the logons and mappings separately for each server using the Access Management option on the Servers page (see Editing Access to an SSH Server).
  5. Waits for the logons to be created on the three servers and the public key to be published to them. The time that this takes depends on the frequency of the server group synchronization schedule (see Adding Server Groups).
  6. Instructs Zed to configure PuTTY to use the private key for authentication, providing also connection information for the three Linux servers to which he will be connecting.

    Figure 297: Configure PuTTY to Use Zed's Private Key

  7. Confirms that Zed is able to successfully connect using secured SSH to each of the three servers.

This information is included for a key:

Figure 298: Key Information for an SSH User Key

Tip:  Click the help icon () next to the My SSH Key page title to open the embedded web copy of the Keyfactor Command Reference Guide to this section.

You can also find the help icon at the top of the page next to the Log Out button. From here you can choose to open either the Keyfactor Command Documentation Suite at the home page or the Keyfactor API Endpoint Utility.