Create Identity Files with SecureCRT

Public key authentication uses a public-private key pair A pair of keys used with RSA or DSA authentication. The public key is usually kept in a file named Identity.pub, which is then transferred to the remote SSH server and appended to the user's authorized_keys file. Another file usually named Identity contains both the public key and the corresponding private key. This file is kept on the local machine and is used by clients with public key or RSA authentication methods. to log onto an SSH2 The second version of the SSH protocol which provides a way to encrypt network traffic between a client and a server, with a slightly different set of security features than the SSH1protocol provides. server A computer program that provides services to other computer programs (called clients). Often the computer on which a server program runs is also called a server. The term host is often used as a synonym for server. . Setting up public-key authentication The process of verifying that an individual truly is who he or she claims to be. Supplying a password is a very common method of authentication. The most secure method of authentication supported in VShell is public-key authentication. Related glossary terms: identity file, public-private key pair for a VanDyke Software SecureCRT® SSH2 session A session is a set of options that are assigned to a connection to a remote machine. These settings and options are saved under a session name and allow the user to have different preferences for different hosts. is a multi-step process. Two identity files must be created using the Key Generation wizard. One of the identity files will contain a private key which will be assigned either on a global level for all SSH2 sessions or on a session-specific level. The global or session-specific characteristic of the private key is specified in the SSH2 category of the Global Options dialog. The other identity file Identity files are two files containing the public-private key pair used to connect to an SSH server using RSA or DSA authentication. The identity file contains the public and private key pair and is used by VShell. The Identity.pub file contains only the public key which is usually appended to the authorized_keys file. will contain the corresponding public key and will need to be transferred to the proper location on the SSH2 server. For example, if you used the default folder to install VShell, the location would be the following path:

C:\Program files\VShell\Publickey\%User%\Identity.pub

To generate and use a public key, there are several tasks that you must perform:

1.   Create identity files.

2.   Configure the VShell server to recognize your public-key file.

3.   Configure SecureCRT to use the identity file with public-key authentication.

The following sections will help you through these tasks.

Creating Identity Files

To create identity files in SecureCRT, perform the following steps:

1.   From the SecureCRT File menu, click on Connect... to open the Connect dialog and select the SSH2 session with which you would like to use the identity files.

2.   Click on the Properties button to open the Session Options dialog and under the Connection A data path or circuit between two computers over a phone line, network cable, or other means. category, click on the Properties button beside the Authentication method designated as PublicKey.

3.   In the Public Key Properties dialog, click on the Create Identity File button.

4.   Follow the instructions in the Key Generation wizard to create your identity files. Once your public-private key pair has been generated by the Key Generation wizard, you will be prompted for the path and filename in which your identity files will be stored. Be sure to specify a secure location for these files such that you are the only individual with access to them. The public key will be placed in a file with the same name as the private key file, but with an extension of .pub.

Note: To find an acceptable public key match, the VShell server for Windows will look at all files in the Publickey directory regardless of their extension. The only exception is that VShell will not check those files with names that begin with a period (.). For example, file.pub, key.exe, and xx.cer would be checked to see if they contain a valid key; however, .x.pub would not.

Configuring VShell Server to Recognize Your Public-Key File

In order to use your public key you must transfer the public-key file created by the Key Generation wizard to the individual user's folder under the Publickey folder on the SSH2 server. For example:

C:\Program files\VShell\Publickey\%User%\Identity.pub

It is recommended that you follow the procedure below for using copy-and-paste operations to create a copy of the public-key file in the Publickey folder on the remote machine. If you decide instead to transfer the public-key file using an FTP client A computer or application that uses services provided by a server. , be sure to transfer the file in ASCII mode.

To use copy-and-paste operations to configure the SSH2 server to recognize your public-key file:

1.   Log on to the remote SSH2 server using SSH2 and password authentication.

2.   On the local machine, use Notepad.exe to open the public-key file that was created with the SecureCRT Key Generation wizard.

3.   With the public-key file open in Notepad, open the Edit menu and choose Select All. Once everything is selected, open the Edit menu again and select Copy.

4.   On the remote machine, complete the following steps:

a.   Change to the individual user's folder under the Publickey folder: For example:

\Program files\VShell\Publickey\%User%

b.   Type "copy con identity.pub" (identity.pub is just an example file name) on the command line and press the ENTER key.

c.   Click on the SecureCRT Paste button to paste the contents of the Clipboard (which should now contain the contents of your public-key file).

d.   Press CTRL+Z ENTER to close the public-key file. Once you have typed CTRL+Z ENTER, the public-key file will have been created in the folder on the remote VShell server.

Configure SecureCRT to Use Your Identity Files

In order to successfully perform public-key authentication, SecureCRT must be configured to use he identity files created earlier. To configure SecureCRT to use the identity file with public key authentication on the local machine:

1.   In the Connect dialog, select the SSH2 session with which you would like to use the identity file.

2.   Open the Session Options dialog and in the Connection category, change the Authentication setting from Password to PublicKey.

3.   If you have more than one identity file, you may need to click on the Properties button and verify that the session is using the session-specific key that you created.

4.   Click on the OK button to save the changes. If you supplied a passphrase A password used to protect a private key from unauthorized use. It is recommended that a passphrase be assigned to all private keys to prevent unauthorized use, especially in environments where multiple individuals have access to the machine on which the private key files are stored. When using public-key authentication, a private key with an assigned passphrase will not be available if the correct passphrase is not supplied during the authentication process. when you created your key, you will be prompted to enter it during the connection process.