Configure Public Key User Authentication: Reflection for Secure IT Client for UNIX
Public key authentication for Reflection for Secure IT Client for UNIX requires both client and server configuration. Here's a quick overview of the main steps involved. The details are explained in the procedures that follow.
- Create a key pair on the client.
- Add a line to the client identification file (~/.ssh2/identification) that identifies the private key.
- Copy the public key to the user's directory on the server (~/.ssh2).
- Add a line to the user's authorization file (~/.ssh2/authorization) on the server that identifies the public key.
To configure the Reflection for Secure IT Client for UNIX
- Generate a public/private key pair using the ssh-keygen utility. For example:
- In a text editor, open (or create) the client identification file. The default name and location for this file is ~/.ssh2/identification.
- Add a line to the client identification file that identifies the private key you created (using the format "IdKey" for the key entry, followed by the name of the private key file). For example:
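A check you could run on the client after these steps, added here as an example and not taken from the Reflection documentation: it reads the identification file, confirms that every IdKey entry names an existing private key file, and flags private keys that group or other users can access. The function name `audit_identification`, the `#` comment handling, the case-insensitive keyword match and the resolution of relative key names against the directory holding the identification file are assumptions.

```shell
#!/bin/sh
# Added example: audit the IdKey entries of a client identification file.
# Assumptions (not from the page): '#' starts a comment, the keyword is
# matched case-insensitively, and relative key names resolve against the
# directory that holds the identification file.

audit_identification() {
    dir=$1
    idfile="$dir/identification"
    problems=0

    if [ ! -f "$idfile" ]; then
        echo "MISSING-FILE $idfile"
        return 1
    fi

    # The '|| [ -n ... ]' part keeps a final line that lacks a newline.
    while read -r keyword keyname rest || [ -n "$keyword" ]; do
        case $keyword in
            ''|'#'*) continue ;;
        esac
        # Only IdKey lines name private keys; skip any other keyword.
        [ "$(printf '%s' "$keyword" | tr '[:upper:]' '[:lower:]')" = idkey ] || continue

        case $keyname in
            /*) keypath=$keyname ;;
            *)  keypath="$dir/$keyname" ;;
        esac

        if [ ! -f "$keypath" ]; then
            echo "MISSING $keyname"
            problems=$((problems + 1))
            continue
        fi
        # Characters 5-10 of the ls mode string are the group/other bits.
        bits=$(ls -ldL "$keypath" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "PERMS $keyname"
            problems=$((problems + 1))
        else
            echo "OK $keyname"
        fi
    done < "$idfile"

    [ "$problems" -eq 0 ]
}
```

Call it as `audit_identification "$HOME/.ssh2"`; it prints one status line per IdKey entry and returns non-zero if any entry is missing or too permissive.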
To configure public key user authentication on the Reflection for Secure IT Server for Windows
- Start the server console, and then click Configuration.
- Go to Authentication > Public Key and select either Allow or Require.
- (Optional) From the User key directory box, specify a folder in which to store user public keys. By default, the server looks for keys in an .ssh2 subfolder in the .
Note: This folder must be SFTP-accessible.
- (Optional) Specify a filename for the authorization file. By default, the server uses the name authorization.
- Copy the client public key to the user key directory on the server. For example, the default location for joe on Windows Server 2008 would be:
Note: To create a folder with a name starting with a dot, you need to use the DOS command window.
- Using a text editor, create or edit the authorization file for this user. For example, the default file for joe on Windows Server 2003 would be:
- Add a line to the authorization file that identifies the key you copied to the user key directory (using the format "key" for key entries, followed by the public key name). For example:
Note: Public key authentication is not supported for the local Guest account.