PublicKey Authentication Setup

 
Public Key Options



Public Key / Certificate: Select this check box to log in with certificate authentication. Certificate authentication uses a public/private key pair to authenticate a user making an SSH connection to the server. If certificate authentication fails and password authentication is allowed, the user will be prompted for a password. For more information on certificate authentication, click here.

Allow authentication from registry: This option uses cached certificate information from the registry to authenticate a user. To turn off this option, de-select the check box.

Allow authentication from file: This option uses stored certificate information from the authorized_key file to authenticate a user. The authorized_key file is located in the PragmaSSH folder under the user profile. To turn off this option, de-select the check box.

Automatically store keys in registry: Turn this option on when allowing certificate access to automatically store/load keys in the registry (PAD).

Store keys in authorized file: Turn this option on when allowing certificate access to automatically store/load keys in the authorized_key file located in the \AppData\PragmaSSH folder of a user's home directory or user profile.

Authenticate using UPN (if available in certificate): Turn this option on to authenticate using the UPN. This option uses the UPN in the SAN (Subject Alternative Name) field of the certificate to map the certificate to the user account. This means that association using the PAD or authorizedkeys file is not necessary. Please note that if this option is disabled (unchecked), then either the authorizedkey or the PAD must be enabled (checked) in order to associate the user with the certificate.

To make an SSH connection to a Pragma FortressSSH server using the public key authentication method, we recommend using our auto-store feature for server-side storage of public keys, because the syntax of public keys and the exact storage location are not standardized. To use our auto-store feature, do the following:

On the server side, under Local Server Configuration > Authentication > Public Key Options, make sure that the "Public Key/Certificate" option is checked and that the "Store keys in authorized file" option is also checked under the section labeled "Automatically Store Public Keys". De-select the GSSAPI authentication option so that you always authenticate using the public key method. On the Authentication - Password Options page, choose to either prompt for or always store the password. This will allow for full user context for your users authenticated by certificate.

Client-side configuration (Unix client):

On the client side (UNIX side), if a key pair is not already available to connect with, use the sshkeygen.exe key generator program to create a public-private key pair ((id_dsa & id_dsa.pub) OR (id_rsa & id_rsa.pub)). Then specify the public key in the ssh command parameter to connect to the Windows machine running Pragma FortressSSH.

For example:
ssh -i id_dsa domain\\username@windows_machine_name_OR_IP_address

The first time you try the above, you will be prompted for a password, and the content of the public key that you specified in the ssh command parameter (e.g. id_dsa) will automatically be stored in a file called "authorized_keys2" on the Windows machine (located under %USERPROFILE%\Application Data (or AppData\Roaming)\PragmaSSH). The next time you connect, you will be logged in automatically. Enter "yes" when you are prompted regarding caching of your user credentials. If you would like to store your key manually, copy your public key to the same location, making sure to match the user profile location and key formatting exactly.

Client-side configuration (Windows client):

If a key pair is not already available to connect with, use a Windows ssh key generator program to create a public-private key pair ((id_dsa & id_dsa.pub) OR (id_rsa & id_rsa.pub)). Then specify the public key in the ssh command parameter, or in the appropriate field if using a GUI SSH client, to connect to the Windows machine running Pragma Fortress SSH Server.

The first time you connect, you will be prompted for a password, and the content of the public key that you specified will be automatically stored in a file called "authorized_keys2" on the server-side Windows machine (located under %USERPROFILE%\Application Data (or AppData\Roaming)\PragmaSSH). The next time you connect, you will be logged in automatically. If you would like to store your key manually, copy your public key to the same location, making sure to match the user profile location and key formatting exactly.
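
Because auto-store writes whatever key a user presents at the first password login, and manual storage depends on exact key formatting, an administrator may want to review what each authorized_keys2 file contains. The following is an added example, not Pragma's own code: a Python check that sorts the stored entries into approved keys, keys stored without approval, and malformed lines. It assumes OpenSSH-style one-line entries (key type, base64 data, optional comment) with no leading options, which this page does not confirm; the sample entries are constructed and are not usable keys.

```python
import base64
import hashlib

def fingerprint(line: str) -> str:
    """Validate one 'type base64 [comment]' line and return its SHA256 fingerprint."""
    fields = line.split()
    if len(fields) < 2 or not fields[0].startswith(("ssh-", "ecdsa-")):
        raise ValueError("line does not start with a key type and key data")
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key data is not valid base64") from exc
    pos, first = 0, None
    while pos < len(blob):  # a plain public key is a run of length-prefixed fields
        n = int.from_bytes(blob[pos:pos + 4], "big")
        field = blob[pos + 4:pos + 4 + n]
        if len(blob) - pos < 4 or len(field) != n:
            raise ValueError("key data is truncated")
        first = field if first is None else first
        pos += 4 + n
    if first != fields[0].encode():
        raise ValueError("declared type differs from the type inside the key data")
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def audit(text: str, approved: set) -> tuple:
    """Sort stored entries into known, unexpected and malformed, by line number."""
    known, unexpected, malformed = [], [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            fp = fingerprint(line)
        except ValueError as exc:
            malformed.append((lineno, str(exc)))
            continue
        (known if fp in approved else unexpected).append((lineno, fp))
    return known, unexpected, malformed

def _sample_line(seed: bytes, comment: str) -> str:
    """Constructed sample entry: well-formed ssh-rsa layout, not a usable key."""
    parts = [b"ssh-rsa", b"\x01\x00\x01", b"\x00" + hashlib.sha512(seed).digest() * 4]
    blob = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

ENROLLED = _sample_line(b"a", "alice@unixhost")   # key the administrator approved
STRAY = _sample_line(b"b", "unknown@laptop")      # stored, but never approved
WRAPPED = ENROLLED[:68] + "\n" + ENROLLED[68:]    # approved key pasted with a line break
SAMPLE_FILE = "\n".join([ENROLLED, STRAY, WRAPPED])

if __name__ == "__main__":
    print(audit(SAMPLE_FILE, {fingerprint(ENROLLED)}))
```

The fingerprint string has the same form that OpenSSH's ssh-keygen -l prints for a public key, so the approved set can be built from fingerprints users report for their own key files.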