14: User Authentication
EMG™ Edge Management Gateway User Guide
321
SSH Keys
Overview
The EMG can import and export SSH keys to facilitate shared key authentication for all incoming
and outgoing SSH connections. By using a public/private key pair, a user can access multiple
hosts with a single passphrase, or, if a passphrase is not used, a user can access multiple hosts
without entering a password. In either case, the authentication is protected against security attacks
because both the public key and the private key are required to authenticate. For both imported
and exported SSH keys, the EMG unit supports both RSA and DSA keys, and can import and
export keys in OpenSSH and SECSH formats. Imported and exported keys are saved with the
EMG configuration, and the administrator has the option of retaining the SSH keys during a reset
to factory defaults.
The EMG unit can also update the SSH RSA and DSA host keys that the SSH server uses with
site-specific host keys or reset them to the default values.
Imported Keys
Imported SSH keys must be associated with an EMG local user. The key can be generated on
host "MyHost" for user "MyUser," and when the key is imported into the EMG unit, it must be
associated with either "MyUser" (if "MyUser" is an existing EMG local user) or an alternate EMG
local user. The public key file can be imported via SCP, SFTP, or FTP; once imported, you can
view or delete the public key. Any SSH connection into the EMG unit from the designated host/
user combination uses the SSH key for authentication.
Exported Keys
The EMG can generate SSH keys for SSH connections out of the EMG for any EMG user. The
EMG retains both the private and public key on the EMG unit, and makes the public key available
for export via SCP, SFTP, FTP, or copy and paste. The name of the key is used to generate the
name of the public key file that is exported (for example, <keyname>.pub), and the exported keys
are organized by user and key name. Once a key is generated and exported, you can delete the
key or view the public portion. Any SSH connection out of the EMG for the designated host/user
combination uses the SSH key for authentication.
Create an SSH Key
The console manager can import and export SSH keys to facilitate shared key authentication (or
public key authentication) for all incoming and outgoing SSH connections. A public-private key pair
is generated on a host that is the SSH client (both keys should be stored secure manner), and the
public key is imported into the host that the user wants to SSH to, eg, the SSH server.
An example of how to create a 3072 bit RSA SSH key on a Linux host:
% ssh-keygen -t rsa -b 3072
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:cCWA3ydbTYUAqPtJQ3I8UY7Cyhieri5zNbB56Cc27z0 username@emg0000
The key's randomart image is:
+---[RSA 3072]----+
Summary of Contents for EMG Series
Page 100: ...7 Networking EMG Edge Management Gateway User Guide 100 Figure 7 5 Network Wireless Settings...
Page 353: ...15 Maintenance EMG Edge Management Gateway User Guide 353 Figure 15 12 About EMG...
Page 474: ...EMG Edge Management Gateway User Guide 474 Figure E 3 EU Declaration of Conformity...
Page 475: ...EMG Edge Management Gateway User Guide 475 Figure E 4 EU Declaration of Conformity continued...