
SSH Key Authentication

Terminal App: More > Preferences > Private Key

The Control Center provides the capability to open SSH connections to Local Managers and managed devices through the native Terminal Application, using SSH keys in lieu of prompting for a username and password.

Note

Providing public keys to authenticate overrides TACACS/RADIUS authentication for that user.

Arguments

  • Authorized Keys - The SSH public key stored in the user profile in the Control Center. This key is synchronized to Local Managers with user information.
  • SSH Private Key File - The path to the SSH private key file on the user's workstation. This path is stored in a cookie in the user's browser.

Generate SSH Key Pair on Client Workstation

Complete this step if the SSH key pair has not previously been created.

This example walks through the process of configuring Terminal App SSH key authentication for user ajones.

If the client workstation (the workstation that will launch the Terminal Application to connect to the Local Manager or managed devices) is running Linux, Unix, or Mac OS X, or is running Windows with a Linux-like environment such as Cygwin, issue the following command in a terminal window to generate the key pair: ssh-keygen -t rsa

/Users/admin > ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/ajones/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/ajones/.ssh/id_rsa.
Your public key has been saved in /Users/ajones/.ssh/id_rsa.pub.
The key fingerprint is:
53:6d:4d:bd:5e:45:15:e1:16:45:ad:67:b9:1b:ed:d9 ajones

If the Local Manager is running in FIPS mode, an RSA key of at least 2048 bits must be generated. Use the following command to generate this key pair: ssh-keygen -t rsa -b 2048

If the client workstation is running a Windows operating system, the free PuTTYgen tool can be downloaded and used to generate SSH key pairs. An example of the PuTTYgen tool is shown below:

After installing and running the PuTTYgen tool, perform the following:

  1. In the Parameters section, choose RSA, leave the default number of bits set to 2048 and click the Generate button.
  2. Move the mouse in the small screen as instructed by the tool during key generation to add randomness to the key pair being generated.
  3. Make note of the key comment, and edit it if required. This is useful when using several SSH key pairs.
  4. Do not enter a Key passphrase - leave it blank.
  5. Click Save private key to save your private key. Give the key a filename and confirm that it should have a blank passphrase. Also, note the filename and path, as the location for this private key will be configured in a subsequent step.
  6. Copy the text from the box under "Public key for pasting into OpenSSH authorized_keys file" and paste to a text file for use in the "Add Public SSH key to User in Control Center" section.
  7. You will need to export the private key as an OpenSSH key. Click the Conversions menu and select Export OpenSSH key. Enter a filename and confirm that it should have a blank passphrase.
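Before the public key is pasted into the Authorized Keys box, its type and size can be checked against the 2048-bit RSA minimum given above for FIPS mode. The following is an added example, not part of the original documentation or the product's own code; the function names are hypothetical, and the sample keys are constructed placeholders that only have the right length.

```python
import base64
import struct

FIPS_MIN_RSA_BITS = 2048  # minimum stated on this page for FIPS mode


def _read_string(blob, offset):
    """Read one RFC 4251 length-prefixed string; return (bytes, next offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def rsa_key_bits(authorized_keys_line):
    """Return the modulus size in bits of an 'ssh-rsa <base64> [comment]' line."""
    fields = authorized_keys_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    key_type, off = _read_string(blob, 0)
    # The type named in the text and the type inside the blob must both be RSA.
    if fields[0] != "ssh-rsa" or key_type != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    _exponent, off = _read_string(blob, off)
    modulus, off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing data in key blob")
    return int.from_bytes(modulus, "big").bit_length()


def meets_fips_minimum(authorized_keys_line):
    return rsa_key_bits(authorized_keys_line) >= FIPS_MIN_RSA_BITS


def make_sample_line(bits, comment="ajones"):
    """Build a CONSTRUCTED ssh-rsa line of the given size (not a usable key)."""
    def mpint(value):
        # One extra 0x00 byte is added only when the top bit would be set.
        raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
        return struct.pack(">I", len(raw)) + raw
    n = (1 << (bits - 1)) | 1  # placeholder modulus with exactly `bits` bits
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


if __name__ == "__main__":
    for bits in (1024, 2048):
        print(bits, "bit key meets FIPS minimum:", meets_fips_minimum(make_sample_line(bits)))
```

To check a real key, pass the single line from the .pub file (or the text copied from PuTTYgen) to meets_fips_minimum.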

Add Public SSH key to User in Control Center

The contents of the SSH public key text file should be provided to a Control Center admin if the user does not have privileges to edit their user profile. Next, the user or Control Center admin should log in to the web interface, navigate to the Administration > Users page and then click on the user to be provisioned with the SSH public key. In the example below, the SSH public key for the user is pasted into the Authorized Keys text box. Be sure to click Save after pasting the SSH public key.

Public SSH Key

Set SSH Private Key Location in Browser

Log in to the Control Center, navigate to a Local Manager, select the chevron next to the SSH button and then select Open native terminal.

Once the Terminal Application finishes initializing, at the top of the screen, click the More menu and then click Preferences and select the Private Key tab.

Next, click Browse on the popup menu, browse to and select the private key file, then click Open to set the path as shown below. Finally, click Save to save the path to the private key in a Lantronix cookie in the browser. Close the application window.

This completes configuration for the public and private key pair. The public key is stored in the Control Center and the path to the private key is stored as a cookie in the user's browser.

Usage

Once the private key has been configured as specified above, SSH Key Authentication is configured and active. The same private key is used to SSH into the Local Manager (LM) or to open a terminal session directly to the console of the managed device attached to the device port. The terminal should establish and authenticate the SSH session without the user having to enter a password.