Installation Specifications
We are using the library SSH.NET which supports the following private key formats:
•RSA in OpenSSL PEM and ssh.com format
•DSA in OpenSSL PEM and ssh.com format
•ECDSA 256/384/521 in OpenSSL PEM format
•ECDSA 256/384/521, ED25519 and RSA in OpenSSH key format
Private keys can be encrypted using one of the following cipher methods:
•DES-EDE3-CBC
•DES-EDE3-CFB
•DES-CBC
•AES-128-CBC
•AES-192-CBC
•AES-256-CBC
For further information, please read the documentation for the library: https://github.com/sshnet/SSH.NET
Username and Password
The simplest way is to create a user and password combination:
1.Create a user (e.g. useradd RayVentory).
2.Set a password for the User (passwd RayVentory).
3.Set permissions like described below.
4.Add User to the Credentials Store of RVSE.
|
Tip: Prefer the "privileged" option and add the elevation password. Superusers like "root" are commonly not permitted to execute every command without elevated rights! |
RVSE:
SSH Key-Based Authentication
This description might need adoptions, depending on if using Windows or other platforms.
1.Login to Linux/Unix system with the designated user account used for RayVentory.
2.Create a local folder .ssh in the users home directory, if such does not exist already
3.If the file ./.ssh/authorized_keys does not exist, create it.
To this file we need to add the public key later.
4.Make sure sshd configuration and service is set up properly.
5.Download puttygen.exe from https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html.
6.Check the download with an Antivirus tool.
7.Start puttygen.exe (screenshot taken from Windows).
8.Start generating a public key by selecting the Generate button.
9.Move the mouse around to randomly generate the key.
10.Set a "Key passphrase" for the public key. This password is required later for changing the public key and generating private keys.
11.Save the public key as file to disk.
12.Copy all data within the public key field and add it to the ./ssh/authorized_keys file within the user directory of the RayVentory user on the Linux or Unix machine. Section highlighted in the following screenshot:
|
Tip: Prefer the "privileged" option and add the elevation password. Superusers like "root" are commonly not permitted to execute every command without elevated rights! |
13.Export the private key as an OpenSSH key and save it.
14.Copy the file containing the "OpenSSH" private key to the RVSE server.
Enabling RVSE Using the Private Key File
1.Start RVSE
2.Open the Credential Store and create an SSH credential
3.Select Authentication method "Key file"
4.Add the Username, path of the "OpenSSH key file" and Key passphrase
5.Select option "Privileged" and enter the elevation password
Alternatively, It Is Possible to Create the SSH-Keys Directly on a Linux/Unix Machine
1.Create the SSH-Key with the following command:
ssh-keygen -m PEM -t rsa -b 2048
2.Use the following command to add the public key to the authorized keys:
ssh-copy-id <user>@"IP address of the linux machine"
3.Copy the Private-Key file (file at /home/<user>/.ssh) onto your RVSE server.
Deploy Public Key File to Linux/Unix Systems
After creating a new Public Key for SSH and completing tests with RVSE, the public key is ready for deployment to all Linux/Unix systems.