Overview of RSA Authentication

RSA authentication uses a public-private key pair to authenticate and log on to an SSH1 server. It offers a higher level of authentication security than password authentication by requiring both the private key and the passphrase that protects the private key in order to complete authentication.

Setting up RSA public-key authentication for a SecureCRT SSH1 session is a multi-step process. Identity files are first created with the SecureCRT Key Generation wizard. The identity file is defined for global or session-specific use in the SSH1 category of the Global Options dialog or in the Connection/SSH1 category of the Session Options dialog. Then the public key is added to the authorized_keys file, which is located on the SSH1 server.

Creating Identity Files

To create an RSA identity file:

1.   In the Connect dialog, select the SSH1 session with which you would like to use the identity files.

2.   Open the Session Options dialog and click on the Connection/SSH1 category.

3.   In the Authentication field, choose RSA as the authentication type and click on the Properties... button.

4.   In the Public Key Properties dialog, select whether you want the new identity file to be global or session specific and click on the Create Identity File button.

5.   Follow the instructions in the Key Generation wizard to create your identity files. Once your public-private key pair has been generated by the Key Generation wizard, you will be prompted for the path and filename in which your private key will be stored. Be sure to specify a secure location for this file such that you are the only individual with access to it. The public key will be placed in a file with the same base name as the private key file, but with an extension of .pub.

Using Your Identity Files

Once you have created your identity files, there are several steps that will need to be completed so that you can make use of them with SecureCRT. The necessary steps are 1) Transfer the public-key file (e.g., Identity.pub) to the remote machine; 2) Put the contents of the public-key file in your authorized_keys file on the remote machine; and 3) Configure SecureCRT to use the identity file with RSA authentication.

1. Transfer the public-key file to the SSH server

In order to use your public key you must transfer the public-key file (with the extension .pub) created by the Key Generation wizard to the ~/.ssh/ directory on the SSH server. Only the .pub file is transferred; the private key file stays on your local machine. One of the easiest ways to transfer this file to the SSH server is to use the Zmodem file transfer feature provided by SecureCRT. If the remote machine does not have Zmodem installed, you will need to use an FTP client to transfer the public-key file to the remote machine. Another way to transfer the public-key file to the remote machine is to copy and paste its contents. To accomplish this, use Notepad.exe to open the public-key file and copy its contents to the clipboard. On the remote machine, create a file using your favorite editor and paste the contents of the clipboard using the paste button.

2. Update the authorized_keys file on the remote machine

Once you have transferred the Identity.pub file to the remote machine, you must update the authorized_keys file on the remote machine. The following steps outline this update process.

1.   Connect to the remote SSH server using SSH1 and password authentication.

2.   Append the contents of the public-key file created with the Key Generation wizard to the file ~/.ssh/authorized_keys on the remote host. The default name of the public-key file is Identity.pub. Create the ~/.ssh/authorized_keys file if it does not already exist. If you want multiple authorized keys, append the contents of the public-key file to the authorized_keys file. The simplest way to do this is typically:

% cat identity.pub >> ~/.ssh/authorized_keys

(Note that the name of the public-key file may differ from the one in this example.)

Note on placing public keys: The format of the authorized_keys file requires that each entry consist of a single long line. If you use Copy and Paste to add a public key to the ~/.ssh/authorized_keys file, make sure that the entry contains no additional new-line characters.
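The append step and the single-line requirement above can be checked in the shell on the remote host. The following is an added example, not part of the SecureCRT documentation: the function names are hypothetical, it assumes the SSH1 public-key layout of one line reading "bits exponent modulus comment" with no leading options field, and the 700/600 permissions are common practice rather than something this page specifies.

```shell
#!/bin/sh
# Added example (not SecureCRT code). Assumes SSH1 RSA public keys of the
# form "bits exponent modulus [comment]" on ONE line, with no options field.

# check_pubkey FILE: succeed only if FILE holds exactly one well-formed key line.
check_pubkey() {
    # Count non-blank lines; a key that wrapped during copy/paste gives 2+.
    n=$(grep -c '[^[:space:]]' "$1") || return 1
    [ "$n" -eq 1 ] || return 1
    # Three decimal fields, then an optional comment.
    grep '[^[:space:]]' "$1" | grep -Eq '^[0-9]+ [0-9]+ [0-9]+( .*)?$'
}

# install_pubkey PUBFILE [AUTHFILE]
# Returns 0 if the key was appended or was already present,
# 1 if PUBFILE is malformed, 2 on a filesystem error.
install_pubkey() {
    pub=$1
    auth=${2:-$HOME/.ssh/authorized_keys}
    check_pubkey "$pub" || { echo "malformed key file: $pub" >&2; return 1; }
    key=$(grep '[^[:space:]]' "$pub")
    dir=$(dirname "$auth")
    # Owner-only permissions on the directory and the file.
    mkdir -p "$dir" && chmod 700 "$dir" || return 2
    touch "$auth" && chmod 600 "$auth" || return 2
    # Do nothing if this exact line is already authorized.
    if grep -qxF -e "$key" "$auth"; then return 0; fi
    # If the file does not end in a newline, add one so the new key
    # is not glued onto the end of the previous entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth" || return 2
    fi
    printf '%s\n' "$key" >> "$auth" || return 2
}

# audit_keys AUTHFILE: print the line numbers of lines that are not a
# complete key, a comment, or blank. A wrapped entry shows up as an orphan
# continuation line. Entries with a leading options field are reported
# too and need review by hand.
audit_keys() {
    grep -nEv '^([0-9]+ [0-9]+ [0-9]+( .*)?|#.*|[[:space:]]*)$' "$1" | cut -d: -f1
}

# Usage on the remote host:  install_pubkey Identity.pub
```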

3. Configure SecureCRT to use your identity files

The identity file created by the Key Generation wizard contains both your new public key and your new private key. To configure SecureCRT to use the identity file:

1.   In the Connect dialog, select the SSH session with which you would like to use the identity file.

2.   Open the Session Options dialog and in the Connection/SSH1 category, change the Authentication setting from Password to RSA.

3.   If you have more than one identity file, you may need to click on the Properties... button and verify that the session is using the session-specific key you have created.

4.   Click on the OK button to save the changes. If you supplied a passphrase when you created your key, you will be prompted to enter it during the connection process.
