Tripp Lite B098016V Owners Manual for B093- B097- and B098-Series Console Serv - Page 259

15. Advanced Configuration 15.6.8 SDT Connector Public Key Authentication SDT Connector can authenticate against a console server using your SSH key pair, rather than requiring you to enter your password (i.e. public key authentication). • To use public key authentication with SDT Connector, first create an RSA or DSA key pair (using ssh-keygen, PuTTYgen or a similar tool) and add the public part of your SSH key pair to the console server. • Next, add the private part of your SSH key pair (this file is typically named id_rsa or id_dsa) to SDT Connector client. Click Edit: Preferences: Private Keys: Add, locate the private key file and click OK. You do not have to add the public part of your SSH key pair, it is calculated using the private key. SDT Connector will now use public key authentication when SSH connects via console server. You may have to restart SDT Connector to shut down any existing tunnels that were established using password authentication. If you have a host behind the console server that you connect to by clicking the SSH button in SDT Connector, you can also configure it for public key authentication. Essentially, what you are using is SSH over SSH. The two SSH connections are entirely separate, and the host configuration is entirely independent of SDT Connector and the console server. You must configure the SSH client that SDT Connector launches (e.g., Putty, OpenSSH) and the host's SSH server for public key authentication. 15.7 Secure Sockets Layer (SSL) Support Secure Sockets Layer (SSL) is a protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a private key to encrypt data transferred over the SSL connection. The console server includes OpenSSL. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength general-purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan and develop the OpenSSL toolkit and its related documentation. OpenSSL is based on the Slay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style license, which means you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions. In the console server, OpenSSL is used primarily in conjunction with http in order to have secure browser access to the GUI management console across insecure networks. More documentation on OpenSSL is available at: http://www.openssl.org/docs/apps/openssl.html http://www.openssl.org/docs/HOWTO/certificates.txt 15.8 HTTPS The management console UI is served using HTTPS by the built in Cherokee webserver. If your default network address is changed or the unit is to be accessed using a known domain name, you can use the following steps to replace the default SSL certificate and private key with those tailored for your new address. 15.8.1 Generating an Encryption Key To create a 1024-bit RSA key with a password, issue the following command on the Linux host command line with the openssl utility installed: openssl genrsa -des3 -out ssl_key.pem 1024 259