SecurID® Governance & Lifecycle 7.2 Enablement

KennyRyder1
Moderator

SSH-Keypair Connector Configuration

A customer I am currently working with is very keen on using secure connections between services. With this in mind I am looking to deploy with the SSH-keypair Connector to execute PowerShell scripts for the purpose of enabling Exchange mailboxes. My assumption being this is more secure than the Generic SSH connector and would not have required a userId\password combo, however it does.

The Connector & Collector Application Guides page doesn't have any specific information on its configuration, nor can I find details on specific use cases for which this connector would be best suited. It seems to be new to v7.2.

Does anyone have a guide or more information on each of the configuration options? Specifically what is the purpose of the logon Id and password, and the purpose of the private key? Typically where and how would you get this key?

My initial thoughts were the key was to enable authentication of the connection with the user Id and password required to execute the script.

Any guidance or documentation which would help me configure this correctly would be a big help. I have the Generic SSH connector running as I would expect, but want to use the SSH-Keypair connector.

Kenny Ryder

Accepted Solutions

Example of the first command for setting up public key authentication against 2 SLES servers:

First command:

ssh-keygen

Go on with setting up a location for the public and private keys.

Set a passphrase for the private key as it's apparently required by the IG&L connector and not something optional ...

Confirm the passphrase, then if you are using the default directories for key locations, the private and public key should be located at:

<USER_HOME>/.ssh

Second command:

ssh-copy-id <destination_user>@<destination_host/IP> (like a simple SSH argument)

example:

ssh-copy-id oracle@acm-7xx.vcloud.local

& enter oracle's user password.

With this command, the public key generated in the first command will be copied over to the destination user (in the example's case, oracle) on the destination server (in the example's case, acm-7xx.vcloud.local).

If the second command is successful, you should be able to ssh with the user you created the key pair for in the first command to the destination user/server in the second command successfully without the need to input passwords, but in the case of setting this up for IG&L's SSH-keypair connector, you'd already set the passphrase for the private key, so the terminal will prompt you to enter that password.

The connector requires:

1. the path to the private key (in <USER_HOME>/.ssh directory named id_rsa as set by the first command)

2. the password to the private key (passphrase set in the first command)

3. destination hostname/ip address & user (in second command)

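One way to check the three connector inputs listed in the accepted solution before entering them, as an added example that is not part of the original thread or of the product documentation. The function name check_connector_key and its return codes are assumptions made for illustration; it relies only on the standard ssh-keygen options -y, -P and -f.

```shell
#!/bin/sh
# Added example: pre-flight check of the key material handed to the SSH-keypair connector.
# check_connector_key is a hypothetical helper; it returns 0 when the key is usable and a
# distinct non-zero code for each failed check.
check_connector_key() {
    key=$1          # path to the private key, e.g. <USER_HOME>/.ssh/id_rsa
    passphrase=$2   # passphrase chosen during ssh-keygen

    # 1. The private key must exist as a regular file.
    [ -f "$key" ] || { echo "missing private key: $key" >&2; return 1; }

    # 2. No group/other access: characters 5-10 of the ls mode string must all be dashes.
    mode=$(ls -Lld "$key" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "key accessible beyond its owner (chmod 600)" >&2; return 2; }

    # 3. An empty passphrase must NOT unlock the key, i.e. it is encrypted at rest.
    if ssh-keygen -y -P "" -f "$key" >/dev/null 2>&1; then
        echo "private key has no passphrase" >&2; return 3
    fi

    # 4. The supplied passphrase must unlock the key. -P exposes the value in the
    #    process list, so run this only on a host where that is acceptable.
    derived=$(ssh-keygen -y -P "$passphrase" -f "$key" 2>/dev/null) ||
        { echo "passphrase does not unlock the key" >&2; return 4; }

    # 5. The private key must pair with the .pub file that ssh-copy-id installed.
    [ -f "$key.pub" ] || { echo "missing $key.pub" >&2; return 5; }
    want=$(cut -d' ' -f1,2 "$key.pub")
    have=$(printf '%s\n' "$derived" | cut -d' ' -f1,2)
    [ "$want" = "$have" ] || { echo "private key and $key.pub differ" >&2; return 6; }
    return 0
}
```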

2 Replies
MHelmy
Moderator

I believe you need to put the following in the connector configuration:

  • username
  • private key file
  • password for the key file (not the user)

The way to set up the private key is basically the same as you would do this for any non-IGL/AFX related Linux server. Depending on your OS version, I can look up some commands to set up the SSH key login requirements.
