
Digi TransPort LR54 - Example: Use SSH Certificate Authentication with Shared Account

Digi TransPort LR54
512 pages
Services and applications Using an SSH server
Digi TransPort WR Routers User Guide
165
Note: If necessary, a user private and public key pair can be generated using the following
command:
ssh-keygen -t rsa -f ~/.ssh/id_rsa
3. Display the CA public key.
jsmith@ubuntu:~$ ls .ssh/
ca_user_key ca_user_key.pub id_rsa id_rsa-cert.pub id_rsa.pub
jsmith@ubuntu:~$
jsmith@ubuntu:~$ cat .ssh/ca_user_key.pub
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQC1f9czThv8PbVimiNHkv9xTFCC2As3h1/RYSh68J3dGg274mLr6VR6FhauAQhWEa4VmLJDo2Htq
AnTLnzTkMYKupKNCLxacmzLL6BwZS9nVBs5QO49TfLQXRdqfeGDaXxwat2qlt+YNen+eRVuNnT48YbMO+0FPdHZI3fTcZOoXHAH9zLhmW
H1kXUEZoFE8PVFKy/oA7yo9Fu7GsdrAhzr1YFuQthC5SyTDn2GV5B+Kj7vTtP8deT37JBIC1LK9psIpxJ8I1Ed9BQtqQ7+jeIvnzHW35W
5NxC8eBpCechM3F/+HCzXBYSuPxL2sjxC5ou71lJ4iip2Gl7zPyjpY4HJ jsmith@ubuntu
jsmith@ubuntu:~$
On the TransPort device
■ Configure the TransPort with the user and CA key information.
digi.router> user 2 name john
digi.router> ssh 1 ca-key AAAAB3NzaC1y...yjpY4HJ
digi.router> ssh 1 ca-key-type ssh-rsa
digi.router> save config
Log in with SSH from the Linux host
■ Log in to the TransPort device using the ssh command.
jsmith@ubuntu:~$ ssh john@192.168.1.1
Welcome john
Access Level: super
Timeout : 300 seconds
digi.router>
Example: Use SSH certificate authentication with a shared account
This example gives the steps to set up two users to use SSH certificates to log in to a shared admin
account on the TransPort device.
The example sets up two users: Alice and Bob. Both users will log in to the TransPort device using the
shared it-admin account. The example assumes there is an SSH CA admin available that controls the
SSH CA private key and can sign the public keys.
The method demonstrated in this example can be extended to support any number of users. The CA
admin can also sign the individual user public keys with different validity periods. For example, one
user can be given access for 2 weeks and another user can be given access for a year.
1. Alice gives the SSH CA admin her public SSH key (usually ~/.ssh/id_rsa.pub).
2. The SSH CA admin signs Alice’s SSH public key using the CA private key, using the name
it-admin as the principal (ssh-keygen -n option) in the key signing.
3. The SSH CA admin gives the signed public key file (for example, id_rsa-cert.pub).
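The signing step for both users, as an added example that is not taken from the Digi guide. The file names, key IDs and the +2w and +52w validity values are assumptions chosen to match the two-week and one-year cases mentioned above; the keys are throwaway keys generated for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: an SSH CA signing two users' keys for one shared account.
# File names, key IDs and validity values below are assumptions.
set -euo pipefail

# Sign a user public key with the CA private key.
# Args: ca_private_key user_public_key key_id principal validity
sign_user_key() {
    ssh-keygen -q -s "$1" -I "$3" -n "$4" -V "$5" "$2"
}

# Print the principals a certificate is valid for, one per line.
cert_principals() {
    ssh-keygen -L -f "$1" | awk '
        /^[ \t]*Principals:/       { on = 1; next }
        /^[ \t]*Critical Options:/ { on = 0 }
        on                         { gsub(/^[ \t]+/, ""); print }'
}

# Print the validity window ("from ... to ...") of a certificate.
cert_validity() {
    ssh-keygen -L -f "$1" | sed -n 's/^[[:space:]]*Valid:[[:space:]]*//p'
}

demo() {
    local dir user
    dir=$(mktemp -d)
    # Constructed throwaway keys; a real CA private key stays with the CA admin.
    ssh-keygen -q -t rsa -b 2048 -N '' -C 'demo-ca' -f "$dir/ca_user_key"
    for user in alice bob; do
        ssh-keygen -q -t rsa -b 2048 -N '' -C "$user" -f "$dir/${user}_id_rsa"
    done
    # Same principal (the shared account), different lifetimes per user.
    sign_user_key "$dir/ca_user_key" "$dir/alice_id_rsa.pub" alice it-admin +2w
    sign_user_key "$dir/ca_user_key" "$dir/bob_id_rsa.pub"   bob   it-admin +52w
    for user in alice bob; do
        echo "$user: principal=$(cert_principals "$dir/${user}_id_rsa-cert.pub")" \
             "valid $(cert_validity "$dir/${user}_id_rsa-cert.pub")"
    done
    rm -rf "$dir"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it with the argument demo to see both certificates. The distinct key IDs (alice, bob) keep the two certificates distinguishable even though both carry the same it-admin principal.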
