Create Identity Files with SecureFX
Public key authentication uses a public-private key pair to log on to an SSH2 server. Setting up public-key authentication for a VanDyke Software SecureFX® SSH2 session is a multi-step process. Two identity files must be created using the Key Generation wizard. One of the identity files will contain a private key which will be assigned either on a global level for all SSH2 sessions or on a session-specific level. The global or session-specific characteristic of the private key is specified in the Options\SSH2 category. The other identity file will contain the corresponding public key and will need to be transferred to the proper location on the SSH2 server. For example, if you used the default folder to install VShell, the location would be the following path:
C:\Program files\VShell\Publickey\%User%\Identity.pub
To generate and use a public key, there are several tasks that you must perform:
1. Create identity files with SecureFX.
2. Configure the VShell server to recognize your public-key file.
3. Configure SecureFX to use the identity file with public-key authentication.
The following sections will help you through these tasks.
To create session-specific identity files in SecureFX, perform the following steps:
1. From the SecureFX File menu, click on Connect... to open the Connect dialog and select the SSH2 session with which you would like to use the identity files.
2. Open the Session Configuration dialog.
3. For SecureFX version 1.x:
a. Under the Site category, click on the SSH2 subcategory.
b. In the Authentication entry box, select either Public Key or Both as your authentication method.
c. Select the Public Key category and click on the Create Identity File... button.
4. For SecureFX version 2.x:
a. If you are using the SFTP protocol, select the Site category.
b. If you are using the FTP over SSH2 protocol, select the Site/SSH2 Logon subcategory.
c. In the Authentication group, select Public Key as one of your authentication methods and click on the associated Properties button.
d. On the Public Key dialog, clear the Use global identity file option and click on the Create Identity File... button.
5. Follow the instructions in the Key Generation wizard to create your identity files. Once your public-private key pair has been generated by the Key Generation wizard, you will be prompted for the path and filename in which your identity files will be stored. Be sure to specify a secure location for these files such that you are the only individual with access to them. The public key will be placed in a file with the same name as the private key file, but with an extension of .pub.
Note: To find an acceptable public key match, the VShell server for Windows will look at all files in the Publickey directory regardless of their extension. The only exception is that VShell will not check those files with names that begin with a period (.). For example, file.pub, key.exe, and xx.cer would be checked to see if they contain a valid key; however, .x.pub would not.
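Because the server checks every file in the Publickey folder except those whose names begin with a period, a key stored under an unexpected name is still checked as a candidate. The following Python audit is an added example, not VanDyke code: it lists every file in a user's folder that contains a public key and marks those without a .pub extension. It assumes keys are in RFC 4716 or OpenSSH one-line format (the page does not say which), and the function names and sample folder are constructed for illustration.

```python
import base64
import struct
import tempfile
from pathlib import Path

def blob_algorithm(b64):
    """Return the algorithm name stored in a base64 SSH key blob, or None."""
    try:
        blob = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", blob[:4])
        name = blob[4:4 + n].decode("ascii")
    except (ValueError, struct.error):
        return None
    return name if 0 < n <= 64 and len(blob) > 4 + n and len(name) == n else None

def key_algorithm(text):
    """Return the key algorithm if text contains an SSH public key, else None."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if lines and lines[0] == "---- BEGIN SSH2 PUBLIC KEY ----":
        body, cont = [], False          # RFC 4716: headers, then base64 lines
        for l in lines[1:]:
            if cont or ":" in l or l.startswith("----"):  # header, continuation, END
                cont = l.endswith("\\")
            else:
                body.append(l)
        return blob_algorithm("".join(body))
    for l in lines:                     # OpenSSH form: "<algorithm> <base64> [comment]"
        parts = l.split()
        if len(parts) >= 2 and blob_algorithm(parts[1]) == parts[0]:
            return parts[0]
    return None

def audit_publickey_dir(user_dir):
    """Return (name, algorithm, has_pub_extension) for each file holding a key."""
    found = []
    for p in sorted(Path(user_dir).iterdir()):
        if p.is_file() and not p.name.startswith("."):  # dot-files are not checked
            algo = key_algorithm(p.read_text(errors="replace"))
            if algo:
                found.append((p.name, algo, p.suffix.lower() == ".pub"))
    return found

def demo():
    b64 = base64.b64encode(struct.pack(">I", 7) + b"ssh-rsa" + bytes(32)).decode()  # dummy blob
    rfc4716 = f"---- BEGIN SSH2 PUBLIC KEY ----\nComment: constructed\n{b64}\n---- END SSH2 PUBLIC KEY ----\n"
    files = {"Identity.pub": rfc4716, "notes.txt": f"ssh-rsa {b64} stray\n",
             ".old.pub": f"ssh-rsa {b64} skipped\n", "readme.txt": "no key here\n"}
    with tempfile.TemporaryDirectory() as d:
        for name, content in files.items():
            (Path(d) / name).write_text(content)
        return audit_publickey_dir(d)
```

Run against a real %User% folder, any entry whose third field is False is a key file that an administrator reviewing only .pub files would miss.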
Configure VShell Server to Recognize Your Public-Key File
In order to use your public key you must transfer the public-key file created by the Key Generation wizard to the appropriate user's Publickey folder on the VShell server (for example: C:\Program Files\VShell\Publickey\%User%\Identity.pub). It is recommended that you follow the procedure below to create a copy of the public-key file in the VShell Publickey folder on the remote machine.
To configure the VShell server to recognize your public-key file:
1. Connect to the remote server using SFTP and password authentication.
2. On the server, create a folder with your username under the VShell Publickey folder, if necessary.
3. Using drag-and-drop operations, transfer the public-key file to the %User% folder.
Configure SecureFX to Use Your Identity Files
In order to successfully perform public-key authentication, SecureFX must be configured to use the identity files created earlier. To configure SecureFX to use the identity file:
1. From the SecureFX File menu, click on Connect... to open the Connect dialog and select the SSH2 session with which you would like to use the identity files.
2. Click the Properties toolbar button to open the Session Configuration dialog.
3. For SecureFX version 1.x:
a. In the Site/SSH2 category, select Public Key in the Authentication entry box.
b. Select the Site/SSH2/Public Key category.
c. Click either the Use global or Use session-specific radio button. Enter the full path to the identity file that was just created or use the browse button to select the identity file.
4. For SecureFX version 2.x:
a. If you are using the SFTP protocol, select the Site category.
b. If you are using the FTP over SSH2 protocol, select the Site/SSH2 Logon subcategory.
c. Select Public Key as one of your authentication methods and click on the associated Properties button.
d. To use a global identity file, check the Use global check box and enter the full path to the identity file that was just created or use the browse button to select the identity file.
e. To use a session-specific identity file, clear the Use global check box and, in the Session settings group, choose either the Use identity file or Use certificate radio button.
f. If you chose the Use identity file button, enter the full path to the identity file that was just created or use the browse button to select the identity file.
5. Click on the OK button to save the changes. If you supplied a passphrase when you created your key, you will be prompted to enter it during the connection process.