User's guide

Miscellaneous Procedures
Administering Security Certificates for HTTPS and SSH on the OnSite
Prerequisites for Enabling and Using X.509 Certificates for SSH Authentication
To enable the exchange of certificates with a client, the administrator needs to
make sure that the prerequisites listed below are complete:
• The client must have installed and enabled an OpenSSH client with the
  X.509 patch (which is available at http://www.roumenpterov.info/openssh).
• The client must have an SSL certificate issued by a CA and a host key.
• For each client connected to a serial port, the serial ports are configured
  for “socket_ssh” protocol and assigned the IP address of the connected
  device.
• The OnSite must have a private key and an SSL certificate issued by a
  CA.
The OnSite administrator must obtain the client information from the client’s
certificate and host key, and add the user identification to the authorized keys
file as described in the following procedure.
To Enable Authentication of SSH Sessions Through Exchange of X.509 Certificates
This procedure requires that the following prerequisites be complete:
• The client must have installed and enabled an OpenSSH client with the
  X.509 patch (which is available at http://www.roumenpterov.info/openssh).
• For each client connected to a serial port, the serial ports must be
  configured for “socket_ssh” protocol and assigned the IP address of the
  connected device.
This procedure assumes that /etc/ssh/authorized_keys is the
filename defined in the AuthorizedKeysFile definition in the
sshd_config file.
Do this procedure for each client with which the OnSite needs to exchange
security certificates.
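Because the procedure depends on sshd reading /etc/ssh/authorized_keys, a pre-check such as the following can confirm the AuthorizedKeysFile setting before any client entries are added. This is an added example, not part of the OnSite guide: the function names are hypothetical, and the fallback default is the one used by stock OpenSSH, which the OnSite firmware may not share.

```shell
#!/bin/sh
# Added example, not from the OnSite guide. Function names are hypothetical.

# Print the global AuthorizedKeysFile value from an sshd_config file.
# Rules applied: keywords are case-insensitive, "#" lines are comments,
# "keyword=value" is accepted, the first occurrence wins, and settings
# after a Match line are conditional rather than global.
effective_authorized_keys_file() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
            if (!match(line, /^[^ \t=]+/)) next
            key = tolower(substr(line, 1, RLENGTH))
            val = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            if (key == "match") exit
            if (key == "authorizedkeysfile") { print val; found = 1; exit }
        }
        # Assumption: stock OpenSSH default when the keyword is absent.
        END { if (!found) print ".ssh/authorized_keys .ssh/authorized_keys2" }
    ' "$1"
}

# Return 0 only if the expected path is one of the configured files.
check_authorized_keys_path() {
    config=$1
    expected=${2:-/etc/ssh/authorized_keys}
    for f in $(effective_authorized_keys_file "$config"); do
        if [ "$f" = "$expected" ]; then return 0; fi
    done
    echo "AuthorizedKeysFile in $config does not include $expected" >&2
    return 1
}

# Constructed sample config, used only to demonstrate the check.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' \
    'authorizedkeysfile = /etc/ssh/authorized_keys' \
    'Match User admin' '    AuthorizedKeysFile /tmp/other' > "$sample"
check_authorized_keys_path "$sample" && echo "global setting matches the guide"
rm -f "$sample"
```

On the OnSite, pass the path of the sshd_config file in use as the first argument; a non-zero exit means entries added to /etc/ssh/authorized_keys would not be consulted globally.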
1. On the client, an administrator must extract the client information from
the client’s signed certificate and make the information available to the
administrator who is configuring the client on the OnSite.