SSH Server Setup for Digital Certificate Authentication (4 Step Process)
The Georgia SoftWorks SSH Server Certificate Based Authentication is a better and more secure solution for commercial environments. Passwords are risky and weak. Plain public keys are superior to passwords, but for client authentication they lack a convenient method of matching them to the user accounts on which the SSH sessions are expected to run. The difficulty and complexity of configuring public key solutions is daunting for most and impossible for others. With plain public keys, human mistakes can compromise the security of the solution.
A Digital Certificate (also known as a public key certificate or identity certificate) binds an identity to a public key value. It is an excellent method of verifying identity, and its configuration and setup are much simpler to understand and easier to manage.
Georgia SoftWorks researched and developed an innovative, easy to use, and secure implementation of a 'validation and mapping' method. All of the configuration is done through a GUI with wizard style dialogs reminiscent of IIS certificate-to-user account mapping. The solution preserves all of the cryptographic strength of the public key solution and adds convenient, well scaling, certificate-to-user account mapping options while eliminating the time consuming, error-prone, and potentially insecure setup.
4 Easy Steps for your Quick Start Server Setup!
Steps for One-to-One Mapping (maps individual certificates to individual user accounts):
- Log on as Administrator to the computer running the SSH Server.
- Install the root CA(s) and intermediate CA(s) for all certificates that will be used by the client software.
- Copy all certificates that you want to allow to be used for logon to a location accessible to the server (a local or network drive). Make sure you use .cer files for the server and PFX files for the client (you may have to perform separate export procedures for the .cer and PFX file).
- Run the GSW Certificate Mapping Tool and configure the 'One-to-One' digital certificate to user account mapping rules.
Steps for Many-to-One Mapping (creates an association between multiple certificates and a user account):
- Log on as Administrator to the computer running the SSH Server.
- Install the root CA(s) and intermediate CA(s) for all certificates which will be used by the client software.
- Run the GSW Certificate Mapping Tool and configure the 'Many-to-One' digital certificate to user account mapping rules.
- Optional (but STRONGLY recommended): Use the GSW Certificate Mapping Tool to configure a Certificate Trust List.
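
The CA installation step shared by both procedures, and the .cer copy step of the One-to-One procedure, can be scripted and checked before any mapping rules are created. The PowerShell below is an added example, not Georgia SoftWorks code: it assumes the CA certificates belong in the Local Computer certificate stores, and every file path in it is a placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example. All paths are placeholders (assumptions), not values from the GSW documentation.
$RootCaFile    = 'C:\certs\ca\example-root-ca.cer'       # placeholder root CA file
$IssuingCaFile = 'C:\certs\ca\example-issuing-ca.cer'    # placeholder intermediate CA file
$ClientCertDir = 'C:\certs\clients'                      # placeholder folder of client .cer files

# Install the CAs: roots into "Trusted Root Certification Authorities",
# intermediates into "Intermediate Certification Authorities" (Local Computer stores, assumed).
Import-Certificate -FilePath $RootCaFile    -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
Import-Certificate -FilePath $IssuingCaFile -CertStoreLocation Cert:\LocalMachine\CA   | Out-Null

# Check every client .cer: it must chain to an installed root, be inside its
# validity period, and carry no private key (the private key stays in the client's PFX).
$report = Get-ChildItem -Path $ClientCertDir -Filter *.cer | ForEach-Object {
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($_.FullName)

    # $true = build the chain against the machine stores populated above.
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new($true)
    # 'Online' also checks revocation; use 'NoCheck' only if the server cannot reach the CRL/OCSP endpoints.
    $chain.ChainPolicy.RevocationMode = 'Online'
    $trusted = $chain.Build($cert)

    [pscustomobject]@{
        File          = $_.Name
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        ChainTrusted  = $trusted
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
    $chain.Dispose()
}

$report | Format-Table -AutoSize

# Fail loudly if any certificate should not be mapped to a user account yet.
$bad = $report | Where-Object {
    -not $_.ChainTrusted -or $_.HasPrivateKey -or $_.NotAfter -lt (Get-Date)
}
if ($bad) {
    Write-Warning ("{0} certificate(s) failed validation: {1}" -f @($bad).Count, ($bad.File -join ', '))
    exit 1
}
```

Recording the thumbprint column alongside the intended user account gives a reviewable list to compare against the rules later entered in the mapping tool.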