
Hi,

I have created a successful profile under my Login ID using Tectia client 6.1.6.6, and this is working well.

I have copied the file “ssh-broker-config.xml” to the folder C:\Program Files\SSH Communications Security\SSH Tectia\SSH Tectia Broker\ssh-broker-config.xml – with this, other users don’t have to register under them.

But when other users log in with their login details and try to connect via Tectia client, they still get the dialog box to register the public key.

This happens for users or services who don’t log in to the server but will execute the batch via an application.

**How can other users still send the files with creating the key?**

**Can there be a global public key for the whole machine?**

Please let me know what extra needs to be done to get this going.

Thanks in advance,

Regards,

Jai

asked Oct 25 '10 at 07:05

Jaideep


Alternatively, you can also save the server hostkey in the system-wide location, which would make them available for all users on that host and not require prompting to accept it.

Note that they need to be saved in non-hashed form by using, for example, ssh-keyfetch.

On Windows, the system-wide host key files are by default located in:

On pre-Vista Windows:

"C:\Documents and Settings\All Users\Application Data\SSH\HostKeys"

On Windows Vista and later Windows versions:

"C:\ProgramData\SSH\HostKeys"


answered Oct 25 '10 at 08:23

Roman

To be accurate, the users are not actually creating a key here, they are being prompted to verify the server's identity and either accept or decline it.

In recent enough versions (6.1.4 or newer) of Tectia Client this can be configured to a more sensible setting for batch processing by setting the Host Key Policy to "Trust on First Use". This allows the key to be automatically saved on first use and will get a prompt only if the server identity has changed from what it was before.

For example, this is how to configure it in the broker configuration:

```xml
<default-settings>
  ...
  <server-authentication-methods>
    <auth-server-certificate/>
    <auth-server-publickey policy="trust-on-first-use"/>
  </server-authentication-methods>
  ...
</default-settings>
```

For more information see the in the Tectia Broker configuration under auth-server-publickey.


answered Oct 25 '10 at 08:17

Roman

edited Jan 18 '11 at 06:24
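
An added example, not part of the original answer or of Tectia's own tooling: a Python check that reads a broker configuration and reports which host key policy each `server-authentication-methods` block sets, so an administrator can confirm the setting shown above actually reached a machine before an unattended batch runs there. The sample XML is constructed; its root element name and the `<profiles>`/`<profile>` wrapper are assumptions, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the fragment in the answer above.
# Assumptions: the root element name and the <profiles>/<profile> wrapper.
SAMPLE_CONFIG = """\
<secsh-broker>
  <default-settings>
    <server-authentication-methods>
      <auth-server-certificate/>
      <auth-server-publickey policy="trust-on-first-use"/>
    </server-authentication-methods>
  </default-settings>
  <profiles>
    <profile name="batch-host">
      <server-authentication-methods>
        <auth-server-publickey/>
      </server-authentication-methods>
    </profile>
  </profiles>
</secsh-broker>
"""


def host_key_policies(xml_text):
    """Return (parent_tag, policy) for every server-authentication-methods block.

    policy is None when the block has no auth-server-publickey element or the
    element carries no policy attribute, so the client's default applies there.
    """
    root = ET.fromstring(xml_text)
    # ElementTree has no parent pointers, so build a child -> parent map.
    parent_of = {child: parent for parent in root.iter() for child in parent}
    found = []
    for methods in root.iter("server-authentication-methods"):
        key_auth = methods.find("auth-server-publickey")
        policy = key_auth.get("policy") if key_auth is not None else None
        parent = parent_of.get(methods)
        found.append((parent.tag if parent is not None else "(root)", policy))
    return found


def unattended_ready(xml_text, expected="trust-on-first-use"):
    """True only if default-settings explicitly sets the expected policy."""
    return ("default-settings", expected) in host_key_policies(xml_text)


if __name__ == "__main__":
    for parent, policy in host_key_policies(SAMPLE_CONFIG):
        print(f"{parent}: policy={policy or 'not set (client default)'}")
```

A block that reports no explicit policy is worth a second look, since a setting placed at that level may differ from what `default-settings` declares.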

Asked: Oct 25 '10 at 07:05

Seen: 4,498 times

Last updated: Mar 29 '11 at 11:22

All user contributed content licensed under the cc-by-sa license.