Topic - (5) Configuring the SSH configuration window for client authentication using a public key

The last step is to configure the SSH configuration window for client authentication using a public key. To perform this step, type the appropriate values into the input fields of the Public Key Authentication group in the SSH configuration window.

In a previous step (step 2), you typed values into these input fields to export a public key file from the keystore file. However, in this step (step 5) you do not necessarily have to use all the same values that you used when you exported the public key file. Instead, set the values for public key authentication to correspond to the actual location, name, and contents of the keystore file on the workstation from which the SSH client is launched.

For some input fields in the Public Key Authentication group, if the input field is left blank, then Host On-Demand uses a default value when the session is started. Click here to learn more about these default values.

The image below shows the SSH configuration window for a VT Display session. Notice that:

• The SSH entry is selected in the left pane (see 1).

• The User ID field is enabled (see 2). This field (along with the Password field) is enabled because SSH was selected as the Protocol in the Connection window of the VT Display session configuration. In the example below, the User ID field is set to an actual user id (user1) of the host on which the SSH server resides. This must be the user id with which the SSH server was configured in a previous step.

• The Enable parameter for Public Key Authentication is set to Yes (see 3).

• The KeyStore File Path is set to the path and file name of the keystore file on the workstation from which the SSH client is launched (see 4).

  Here, because the KeyStore File Path is left blank, Host On-Demand uses the default path and file name for the keystore file when the SSH session is launched from the client. The default value for the path is the value specified in the Java system property user.home, and the default value for the file name is .keystore. For example, on a Windows client platform the default path and file name could be: c:\Documents and Settings\<userid>\.keystore. Click here for information on determining the value of user.home on a client system.

• The KeyStore Password (see 5) is set to the password (johnkeystore, displayed as ************) of the keystore file on the workstation from which the SSH client is launched.

• The Public Key Alias (see 6) is set to the alias (johnkey02) for the public-private key pair being used.

• The Public Key Alias Password is set to the password for the public-private key entry in the keystore file (see 7). Here, because the input field is left blank, Host On-Demand uses the default value when the SSH client is launched. The default value is the value used for the KeyStore Password. If this value fails, then Host On-Demand prompts the end user for the password.

• The password for Password Authentication is set to the actual password for the user ID on the host on which the SSH server resides (see 8). Here, because the input field is left blank, Host On-Demand prompts the user for the password if public key authentication fails.

  Leave this field blank if you want to force the end user to use public key authentication. If you specify a valid password here instead of leaving the field blank, then when the end user launches the session, and the VT Display session connects with the SSH server successfully, you cannot determine whether the connection succeeds because of public key authentication or because of password authentication.

When the end user starts this session, then Host On-Demand connects to the SSH server and displays a terminal session for user1. Click here to see a sample session window for an SSH session.