The Secure Shell (SSH) is a protocol for conducting a secure session over a non-secure network. Host On-Demand supports SSH for VT Display sessions and File Transfer (sftp) sessions.
Public-key authentication is a way of logging into an SSH/SFTP account using a cryptographic key rather than a password. If you use very strong SSH/SFTP passwords, your accounts are already safe from brute force attacks. However, using public-key authentication provides many benefits when working with multiple developers. For example, with SSH keys you can:
In Host On-Demand we have 3 types of authentication in VT Display
By default, keyboard-interactive and password authentications are always enabled. The reason is that keyboard-interactive and password authentications are used when public-key authentication fails or when public-key authentication is not enabled.
How to enable Public-key Authentication for VT Display using SSH
Host On-Demand supports connecting to a host that has public-key authentication enabled. To enable this feature, the Host On-Demand administrator sets "Enable" to YES with the radio button next to it in the SSH panel while configuring the session, and provides a KeyStore File Path, KeyStore File Password, Public-key Alias, and Public-key Alias Password.
Steps to follow in configuring a VT Display session for SSH client authentication using a public-key
Here is a preview of the steps to follow in configuring a VT Display session for SSH client authentication using a public-key:
1. Steps to create a Java keystore certificate using the Java Keytool
Use the keytool to generate a public-private key pair. (This tool stores both keys of the pair as an entry in a file called a keystore.)
3. The keystore password and the key password for <mykey> are user-defined; enter them while creating the certificate.
4. Certificate location, for example "C:\Users\Admin\.ssh\vtclient.jks"
2. How to Extract the public-key from the KeyStore
Use the Export Public-key utility (integrated into the SSH configuration window of the VT Display session configuration) to extract the public-key from the keystore into a separate file.
The Destination input field contains the path and file name of the output file that is to contain the exported public-key. In the image below the path is C:\Users\**** and the file name is id_dsa.pub.
The Use OpenSSH Format checkbox determines the format of the extracted public-key.
Check with your system administrator to determine which format your SSH server requires. If necessary, generate a public-key in each of the 2 formats, then try each on the host to see which format works with the SSH client.
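To tell which format an exported file is in and to confirm that both exports carry the same key, the following added example (not part of the original post or of Host On-Demand) parses an OpenSSH one-line key and an RFC 4716 (SECSH) key file, then computes the fingerprint that `ssh-keygen -l` prints. The page does not name the second format, so RFC 4716 is an assumption, and the function names and sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """RFC 4253 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def parse_public_key(text: str):
    """Return (file_format, key_type, blob). RFC 4716 as the non-OpenSSH format is an assumption."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty public-key file")
    if lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        body, in_header = [], False
        for ln in lines[1:]:
            if ln.startswith("---- END SSH2 PUBLIC KEY"):
                break
            # Header lines contain ':'; a trailing '\' continues the header.
            if in_header or ":" in ln:
                in_header = ln.endswith("\\")
                continue
            body.append(ln)
        fmt, declared, b64 = "rfc4716", None, "".join(body)
    else:
        fields = lines[0].split()  # "<key-type> <base64> [comment]"
        if len(fields) < 2:
            raise ValueError("not an OpenSSH public-key line")
        fmt, declared, b64 = "openssh", fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)
    n = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or n > len(blob) - 4:
        raise ValueError("truncated key blob")
    key_type = blob[4:4 + n].decode("ascii")  # first field of the blob
    if declared is not None and declared != key_type:
        raise ValueError("key type on the line does not match the key blob")
    return fmt, key_type, blob

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form printed by `ssh-keygen -l`."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

# Constructed sample blob with dummy numbers (not a usable key).
SAMPLE_BLOB = ssh_string(b"ssh-dss") + b"".join(ssh_string(bytes([i]) * 20) for i in range(1, 5))
SAMPLE_B64 = base64.b64encode(SAMPLE_BLOB).decode()
OPENSSH_SAMPLE = f"ssh-dss {SAMPLE_B64} constructed-example"
WRAPPED = "\n".join(SAMPLE_B64[i:i + 70] for i in range(0, len(SAMPLE_B64), 70))
RFC4716_SAMPLE = ('---- BEGIN SSH2 PUBLIC KEY ----\nComment: "constructed-example"\n'
                  + WRAPPED + "\n---- END SSH2 PUBLIC KEY ----")
```

If the two exports give the same fingerprint, only the file layout differs, and the same fingerprint can be compared against the key installed on the host.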
The final step is to configure the SSH configuration window for client authentication using a public-key. To perform this step, type the appropriate values into the input fields of the Public-key Authentication group in the SSH configuration window.
From the Communication option, click the Select Security option. Here we can check the Authentication type, as shown below:
For more information, check the below link.
Software Engineer – HCL Software