How To
Summary
In order to connect to a Guardium appliance as the cli user via public key authentication, a key pair must be created and the public key must be added on the Guardium appliance.
Steps
Creating a new SSH key-pair
First, a key-pair must be created:
- Run the following command to create a new key-pair:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
This creates a new key, using the provided email as a label.
Generating public/private rsa key pair.
- When prompted for the file in which to save the key, press Enter to accept the default location:
Enter file in which to save the key (/Users/<user>/.ssh/id_rsa):
- Enter a secure passphrase at the next prompt:
Enter passphrase (empty for no passphrase):
- Start the ssh-agent in the background:
eval "$(ssh-agent -s)"
Agent pid 62478
Note: If you are using macOS Sierra 10.12.2 or later, you will need to modify ~/.ssh/config to automatically load keys into the ssh-agent and store passphrases in your keychain:
Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_rsa
- Add the newly created private key to the ssh-agent:
ssh-add ~/.ssh/id_rsa
Note: On macOS, also include the -K option. The -K option belongs to Apple's standard version of ssh-add and stores the passphrase in your keychain when you add an SSH key to the ssh-agent. If you specified a different file in step 2, replace id_rsa with the filename.
Adding the public key in Guardium
- Connect to the Guardium appliance as the cli user:
ssh cli@guardium_host
- Add the newly created public key:
store system public key authorized
Paste the contents of the public key in at the prompt:
Please paste the SSH public key content here. Then press <ENTER> to continue.
The following message will be displayed when the key is added successfully:
Key for your_email@example.com is added ok
- The following command can be run to show the newly added public key:
show system public key authorized
your_email@example.com ok
- You can now connect to the Guardium appliance using public key authentication:
ssh cli@guardium_host
IBM Guardium, Command Line Interface (CLI)
Last login: Fri Feb 14 19:03:45 2020 from 9.160.121.146
Welcome cli - your last login was Fri Feb 14 19:03:46 2020
guardium_host>
Note: If you specified a filename other than the default id_rsa, you will need to use the -i option when running the ssh command and specify the location of the private key, e.g.:
ssh -i ~/.ssh/different_key_name cli@guardium_host
IBM Guardium, Command Line Interface (CLI)
Last login: Fri Feb 14 19:03:45 2020 from 9.160.121.146
Welcome cli - your last login was Fri Feb 14 19:03:46 2020
guardium_host>
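A pre-paste check for the "store system public key authorized" step, as an added example that is not part of the original document or of Guardium: it confirms the text is a single-line ssh-rsa public key of at least 4096 bits with a comment label, and returns the SHA256 fingerprint for your records. The function names are hypothetical, requiring a comment is an assumption based on the label shown in the output above, and the sample key is constructed (well-formed, but not a usable RSA key).

```python
import base64
import hashlib
import struct


def _read_string(blob, offset):
    """Read one length-prefixed SSH wire-format string (RFC 4251)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def inspect_public_key(text, min_bits=4096):
    """Validate the text about to be pasted; return (bits, label, fingerprint)."""
    if "PRIVATE KEY" in text:
        raise ValueError("this is a private key; paste the .pub file instead")
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1:
        raise ValueError("public key must be exactly one line (check for wrapping)")
    fields = lines[0].split(None, 2)
    if len(fields) < 3:
        raise ValueError("expected '<type> <base64> <comment>'")
    key_type, b64, label = fields
    blob = base64.b64decode(b64, validate=True)
    inner_type, pos = _read_string(blob, 0)
    if key_type != "ssh-rsa" or inner_type != b"ssh-rsa":
        raise ValueError("not an RSA public key as created by 'ssh-keygen -t rsa'")
    _exponent, pos = _read_string(blob, pos)
    modulus, pos = _read_string(blob, pos)
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < min_bits:
        raise ValueError(f"modulus is {bits} bits, expected at least {min_bits}")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return bits, label.strip(), "SHA256:" + digest


def make_sample_key(bits=4096, label="your_email@example.com"):
    """Constructed sample line: well-formed blob, but NOT a usable RSA key."""
    def mpint(n):
        raw = n.to_bytes(n.bit_length() // 8 + 1, "big")  # leading 0x00 keeps it positive
        return struct.pack(">I", len(raw)) + raw
    n = (1 << (bits - 1)) | 1
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + label
```

To check a real key, pass the contents of ~/.ssh/id_rsa.pub to inspect_public_key; the fingerprint it returns uses the same SHA256 format that ssh-keygen -lf prints.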
Document Location
Worldwide
Document Information
Modified date:
19 May 2020
UID
ibm12495355