Configuring User Connections via SSH keys

Users can connect to SSH Proxy using SSH keys. This ensures secure and fast login to SSH Proxy without the need to use passwords.

Prerequisites

In the Configuration → User Authentication → SSH Key Authentication section, enable the Allow users to connect to SSH Proxy using SSH keys option.

Add the User.ManageSshAuthorizedKeys privilege to the role for the administrator who will add keys to users.

Getting and Adding Keys

Key in text format

1. Ask the user to generate an SSH key.

   Supported key encryption algorithms:

   • rsa-sha2-256
   • rsa-sha2-512
   • ecdsa-sha2-nistp256
   • ecdsa-sha2-nistp384
   • ecdsa-sha2-nistp521
   • ssh-ed25519
2. Request the public key from the user. The key string must contain the encryption algorithm and the key. Optionally, the string may contain a comment, such as a username and a host. Example: ssh-ed25519 AAAAC3... user@host.
3. Add the received key to this user in the Axidian Privilege administrator console.

X.509 Certificate

1. Ask the user to generate an X.509 certificate that does not have a certificate chain.

   Supported key encryption algorithms:

   • rsa-sha2-256
   • rsa-sha2-512
   • ecdsa-sha2-nistp256
   • ecdsa-sha2-nistp384
   • ecdsa-sha2-nistp521
   • ssh-ed25519
2. Request the certificate file from the user. Supported file extensions: PEM, DER, CRT.
3. Add the received file to this user in the Axidian Privilege administrator console.