Overview of Public-Key Authentication

Public-key authentication uses a public-private key pair to log on to an SSH2 server. Setting up public-key authentication for an SSH2 SecureCRT session is a multi-step process. Identity files must be created using the Key Generation wizard. One of the identity files created by the Key Generation wizard will contain a private key that will be assigned either on a global level for all SSH2 sessions or on a session-specific level. The global or session-specific characteristic of the private key is specified in the SSH2 category. The other identity file created by the Key Generation wizard will contain the corresponding public key and will need to be transferred to the proper location on the SSH2 server.

Note: Public keys generated using VanDyke Software products comply with the established IETF draft specification defining the format of Secure Shell public key files. This does not guarantee that SecureCRT will work with public key files generated using other Secure Shell software implementations which may or may not comply with this specification.

Since there is no IETF specification defining the format of Secure Shell private key files, SecureCRT may not be able to use private key files generated with other implementations. It should also be noted that, since the private key generated by SecureCRT uses a different format from OpenSSH's private key, OpenSSH cannot use a VanDyke Software generated private key.

SecureCRT supports SSH2 public-private key files generated with VanDyke Software products and the public-private key files generated with the OpenSSH ssh-keygen utility.
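
The IETF public key file format mentioned in the note above was later published as RFC 4716, while OpenSSH's authorized_keys file expects a one-line form. The following Python code is an added example, not VanDyke Software code: it parses an RFC 4716 file, converts it to the one-line form, and computes a fingerprint for comparing the key before and after transfer. All function names are hypothetical and the sample key is constructed from dummy bytes.

```python
import base64, hashlib, struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def parse_rfc4716(text):
    """Return (headers, key_blob) from an RFC 4716 public key file."""
    lines = [l.rstrip("\r") for l in text.strip().split("\n")]
    if lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an RFC 4716 public key file")
    headers, body, i = {}, [], 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line and not body:
            # A trailing backslash continues the header on the next line.
            while line.endswith("\\") and i < len(lines) - 2:
                i += 1
                line = line[:-1] + lines[i]
            tag, value = line.split(":", 1)
            headers[tag.strip().lower()] = value.strip().strip('"')
        else:
            body.append(line.strip())
        i += 1
    return headers, base64.b64decode("".join(body), validate=True)

def key_type(blob):
    """Read the length-prefixed algorithm name that starts the key blob."""
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else -1
    if not 0 < n <= len(blob) - 4:
        raise ValueError("malformed key blob")
    return blob[4:4 + n].decode("ascii")

def to_authorized_keys(text):
    """Convert to the one-line form OpenSSH expects in authorized_keys."""
    headers, blob = parse_rfc4716(text)
    entry = f"{key_type(blob)} {base64.b64encode(blob).decode()}"
    return f"{entry} {headers['comment']}" if headers.get("comment") else entry

def fingerprint(blob):
    """SHA256 fingerprint in the style printed by ssh-keygen -l."""
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return "SHA256:" + digest.rstrip("=")

# Constructed sample: Ed25519-shaped blob with dummy bytes, not a real key.
SAMPLE_BLOB = struct.pack(">I11sI32s", 11, b"ssh-ed25519", 32, bytes(range(32)))
B64 = base64.b64encode(SAMPLE_BLOB).decode()
SAMPLE_FILE = "\n".join([BEGIN, 'Comment: "constructed \\', 'example key"',
                         B64[:40], B64[40:], END])
```

On a machine with OpenSSH installed, `ssh-keygen -i -f Identity.pub` performs the same conversion.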

Creating Global Identity Files

1.   Open the Global Options dialog and click on the SSH2 category.

2.   Click on the Create Identity File button.

3.   Follow the instructions in the Key Generation wizard to create your identity files. The Key Generation wizard will ask for a passphrase, but the passphrase is not required. If the public key is going to be used as part of an automated process, you may not want to use a passphrase.

4.   Once your public-private key pair has been generated by the Key Generation wizard, you will be prompted for the path and filename in which your identity files will be stored. Be sure to specify a secure location for these files such that you are the only individual with access to them. The public key will be placed in a file with the same name as the private key file, but with an extension of .pub.

Note: SecureCRT supports RSA, Ed25519, ECDSA, and DSA key types.

Creating Session-Specific Identity Files

1.   In the Connect dialog, select the SSH2 session with which you would like to use the identity files.

2.   Open the Session Options dialog.

3.   In the Authentication group, set one of your authentication methods to be PublicKey and click on the associated Properties button.

4.   In the Public Key Properties dialog, click on the Create Identity File button.

5.   Follow the instructions in the Key Generation wizard to create your identity files. The Key Generation wizard will ask for a passphrase, but the passphrase is not required. If the public key is going to be used as part of an automated process, you may not want to use a passphrase.

6.   Once your public-private key pair has been generated by the Key Generation wizard, you will be prompted for the path and filename in which your identity files will be stored. Be sure to specify a secure location for these files such that you are the only individual with access to them. The public key will be placed in a file with the same name as the private key file, but with an extension of .pub.

Using Your Identity Files

Once you have created your identity files, there are several steps that will need to be completed so that you can make use of them with SecureCRT. The necessary steps are:

1.   Configure the SSH2 server to recognize your public-key file (e.g., Identity.pub). Instructions are provided for configuring VanDyke Software's VShell® server, OpenSSH, SSH Communications, and Data Fellows servers.

2.   Configure SecureCRT to use the identity file with public-key authentication on the local machine. The identity file created by the Key Generation wizard contains both your new public key and your new private key. To configure SecureCRT to use the identity file, complete the following instructions:

a.   In the Connect dialog, select the SSH2 session with which you would like to use the identity file.

b.   Open the Session Options dialog and in the Connection/SSH2 category, change the Authentication setting from Password to PublicKey.

c.   If you have more than one identity file, you may need to click on the Properties button and verify that the session is using the session-specific key you have created.

d.   Click on the OK button to save the changes. If you supplied a passphrase when you created your key, you will be prompted to enter it during the connection process.
