{"componentChunkName":"component---src-templates-manual-template-tsx","path":"/manuals/client-user/61/userauth-cert-cli.html","webpackCompilationHash":"d1750f6cc413894a8b5c","result":{"data":{"promoBlocks":{"edges":[{"node":{"contentful_id":"47glnSpWzXeFylv2vfQEF8","internal":{"type":"ContentfulPromotionBlock"},"title":{"internal":{"type":"ContentfulHeading"},"contentful_id":"7KIOfSfgwJnCXuvRN6CfrP","textContent":"Standing privileges are a risk with PAM","color":"black","size":"medium"},"subTitle":null,"content":{"nodeType":"document","internal":{"content":"{\"nodeType\":\"document\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"content\":[{\"nodeType\":\"text\",\"value\":\"Start your journey towards a just-in-time (JIT) model with zero standing privileges (ZSP). Read 'Remove Standing Privileges Through a Just-In-Time PAM Approach' by Gartner , courtesy of SSH.COM.\\n \\n\",\"marks\":[],\"data\":{}}],\"data\":{}}]}"}},"callToAction":{"internal":{"type":"ContentfulButton"},"contentful_id":"19EUesynV2Z7HHcuJk0BAS","content":"Download Gartner research","internalLink":null,"externalLink":"https://info.ssh.com/gartner_research_privileged_access_management","assetLink":null,"anchor":null},"picture":{"internal":{"type":"ContentfulAsset"},"contentful_id":"2ClylmBswcfDx4XdO7NTmL","title":"ICON Gartner ZSP","description":"","file":{"url":"//images.ctfassets.net/0lvk5dbamxpi/2ClylmBswcfDx4XdO7NTmL/78e899153ed66aec3b03b9a2cacd112d/ICON_Gartner_ZSP_ICON_Gartner.png","contentType":"image/png"},"fluid":{"aspectRatio":1,"src":"//images.ctfassets.net/0lvk5dbamxpi/2ClylmBswcfDx4XdO7NTmL/78e899153ed66aec3b03b9a2cacd112d/ICON_Gartner_ZSP_ICON_Gartner.png?w=3000&q=50","srcSet":"//images.ctfassets.net/0lvk5dbamxpi/2ClylmBswcfDx4XdO7NTmL/78e899153ed66aec3b03b9a2cacd112d/ICON_Gartner_ZSP_ICON_Gartner.png?w=750&h=750&q=50 750w,\n//images.ctfassets.net/0lvk5dbamxpi/2ClylmBswcfDx4XdO7NTmL/78e899153ed66aec3b03b9a2cacd112d/ICON_Gartner_ZSP_ICON_Gartner.png?w=1500&h=1500&q=50 1500w,\n//images.ctfassets.net/0lvk5dbamxpi/2ClylmBswcfDx4XdO7NTmL/78e899153ed66aec3b03b9a2cacd112d/ICON_Gartner_ZSP_ICON_Gartner.png?w=1601&h=1601&q=50 1601w","sizes":"(max-width: 3000px) 100vw, 3000px"},"fixed":{"width":3000,"height":3000,"src":"//images.ctfassets.net/0lvk5dbamxpi/2ClylmBswcfDx4XdO7NTmL/78e899153ed66aec3b03b9a2cacd112d/ICON_Gartner_ZSP_ICON_Gartner.png?w=3000&q=50","srcSet":""}},"centered":true,"indentMainContent":null,"transparentBackground":null,"imageScale":70,"imagePadding":null,"name":"WIKI migration side promo block2","product":null,"funnel":null,"topic":null,"keywords":null,"type":null,"priority":null,"globalOverride":null}},{"node":{"contentful_id":"6dfNaA1UlY4bADKQk6awhs","internal":{"type":"ContentfulPromotionBlock"},"title":{"internal":{"type":"ContentfulHeading"},"contentful_id":"49Tb2wSR21P5C2cpcgMZ3","textContent":"Get Multi-cloud PAM software - for free!","color":"black","size":"medium"},"subTitle":null,"content":{"nodeType":"document","internal":{"content":"{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"PrivX® Free replaces your in-house jump hosts and combines your AWS, GCP and Azure access into one multi-cloud solution.\\n \\n\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"document\"}"}},"callToAction":{"internal":{"type":"ContentfulButton"},"contentful_id":"1dmQ13jyyZ46ID07eVNVFb","content":"PrivX Free","internalLink":null,"externalLink":"https://info.ssh.com/privx-free-access-management-software","assetLink":null,"anchor":null},"picture":{"internal":{"type":"ContentfulAsset"},"contentful_id":"4UUYdjING8micwZQur5o6d","title":"ICON computer (search)","description":"","file":{"url":"//images.ctfassets.net/0lvk5dbamxpi/4UUYdjING8micwZQur5o6d/1b378a0f4646075c7a4788f1afffbabe/ICON_computer__search_.svg","contentType":"image/svg+xml"},"fluid":{"aspectRatio":null,"src":null,"srcSet":null,"sizes":null},"fixed":{"width":null,"height":null,"src":null,"srcSet":null}},"centered":true,"indentMainContent":null,"transparentBackground":null,"imageScale":70,"imagePadding":null,"name":"WIKI migration side promo block1","product":null,"funnel":null,"topic":null,"keywords":null,"type":null,"priority":null,"globalOverride":null}}]}},"pageContext":{"isCreatedByStatefulCreatePages":false,"body":"
\"SSH\"\"
\"\"
\"\"
\"Home\" \"Prev\" \"Up\" \"Next\"  

\nUsing the Configuration File (Unix)\n

To configure the client to authenticate itself with an X.509 \ncertificate, perform the following tasks:

  1. Enroll a certificate for yourself. This can be done, for \nexample, with the ssh-cmpclient-g3 or \nssh-scepclient-g3 command-line tools.

    Example: Key generation and enrollment using ssh-cmpclient-g3

    $ ssh-cmpclient-g3 INITIALIZE \n-P generate://ssh2:passphrase@rsa:1536/user_rsa \\  \n-o /home/user/.ssh2/user_rsa -p 62154:ssh \\\n-s 'C=FI,O=SSH,CN=user;email=user@example.org' \\\n-S http://fw.example.com:1080 http://pki.example.com:8080/pkix/ \\\n'C=FI, O=SSH, CN=Test CA 1'\n

    For more information on ssh-cmpclient-g3 and \nssh-scepclient-g3, see \nssh-cmpclient-g3(1) and \nssh-scepclient-g3(1).

  2. Place your keys and certificates in a directory where the \nConnection Broker can locate them.

    By default, the Connection Broker attempts to use each key found in the $HOME/.ssh2 \n directory on Unix, or in the %APPDATA%\\SSH\\UserKeys and \n%APPDATA%\\SSH\\UserCertificates directories on Windows. \n

    You can also add other directory locations for \nkeys on the Keys and Certificates page of the SSH Tectia \nConfiguration tool. See Managing Keys and Certificates. On Unix, you can use \nthe general/key-stores/key-store element in the ssh-broker-config.xml \nfile. See the section called “Key Store Configuration Examples”.

  3. (Optional) Create an identification file.

    Using the identification file is not necessary if all \nyour keys are stored in the default directory and you allow all of them to \nbe used for public-key and/or certificate authentication. If the \nidentification file does not exist, the Connection Broker attempts to use \neach key found in the default directory. If the identification \nfile exists, the keys listed in it are attempted first.

    Specify the private key of your software certificate in the \n$HOME/.ssh2/identification file (the CertKey \noption works identically with the IdKey option):

    CertKey     user_rsa\n

    The certificate itself will be read from user_rsa.crt.

    For more information on the syntax of the identification file, see \n$HOME/.ssh2/identification.

  4. Make sure that public-key authentication is enabled in the \nssh-broker-config.xml file (it is enabled by default).

    <authentication-methods>\n  <auth-publickey />\n...\n</authentication-methods>\n

    Other authentication methods can be listed in the configuration file \nas well. Place the least interactive method first.

\"Home\" \"Prev\" \"Up\" \"Next\"  

\n Copyright 2010 SSH Communications Security Corp.
\n This software is protected by international copyright laws. All rights reserved.
Contact Information

","head":"\nUsing the Configuration File (Unix)\n","url":"/manuals/client-user/61/userauth-cert-cli.html"}}}