Hardware reference guide
110 GlobalProtect Administrator’s Guide
Set Up Administrative Access to the Mobile Security Manager Set Up the GlobalProtect Mobile Security Manager
Enable SSH Certificate-Based Authentication for the Command Line Interface
To enable SSH certificate-based authentication, complete the following workflow for every administrative user:
Step 6 Save your configuration changes. Click Commit.
You will be logged out of the web interface.
Step 7 Import the administrator's client
certificate into the web browser of the
client that the administrator will use to
access the Mobile Security Manager web
interface.
For example, in Firefox:
1. Select the
Tools >Options >Advanced menu.
2. Click the
View Certificates button
3. Select the
Your Certificates tab and click Import. Browse to the
location where you saved the client certificate.
4. When prompted, enter the passphrase to decrypt the private
key.
Step 8 Log in to the Mobile Security Manager
web interface.
1. Access the IP address or hostname of the Mobile Security
Manager.
2. When prompted, select the client certificate you imported in
Step 7. A certificate warning will display.
3. Add the certificate to the exception list and log in to the Mobile
Security Manager web interface.
Enable SSH (Public-Key Based) Authentication
Step 1 Use an SSH key generation tool to create
an asymmetric keypair on the client
machine.
The supported key formats are: IETF
SECSH and Open SSH; the supported
algorithms are: DSA (1024 bits) and RSA
(768-4096 bits).
For the commands required to generate the keypair, refer to the
product documentation for your SSH client.
The public key and private key are two separate files; save both the
public key and the private key to a location that can be accessed by
the Mobile Security Manager. For added security, enter a passphrase
to encrypt the private key. You will be prompted for this passphrase
when you log in to the Mobile Security Manager.
Enable Certificate-Based Authentication (Continued)