The Control Center provides the capability to open SSH connections to Local Managers and managed devices via the SSH Applet using SSH keys in lieu of prompting for a username and password.
Providing public keys to authenticate overrides TACACS/RADIUS authentication for that user.
This example walks through the process of configuring SSH Applet SSH key authentication for user ajones.
If the client workstation (i.e., the workstation that will launch the CLI applet to connect to the Local Manager or managed devices) is running Linux, Unix, or Mac OS X (or Windows with a Linux-like environment such as Cygwin), issue the following command in a terminal window to generate the key pair: ssh-keygen -t rsa.
```
/Users/admin > ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/ajones/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/ajones/.ssh/id_rsa.
Your public key has been saved in /Users/ajones/.ssh/id_rsa.pub.
The key fingerprint is:
53:6d:4d:bd:5e:45:15:e1:16:45:ad:67:b9:1b:ed:d9 ajones
```
If the Local Manager is running in FIPS mode, the "rsa" key must be generated with at least 2048 bits. The command to generate this key pair is: ssh-keygen -t rsa -b 2048.
If the client workstation is running a Windows operating system, the free PuTTYgen tool can be downloaded and used to generate SSH key pairs. An example of the PuTTYgen tool is shown below:
After installing and running the PuTTYgen tool, perform the following:
The contents of the SSH public key text file should be provided to a Control Center admin if the user does not have privileges to edit their user profile. Next, the user or Control Center admin should log in to the web interface, navigate to the Administration-Users page and then click on the user to be provisioned with the SSH public key. In the example below, the SSH public key for user ajones is pasted into the Authorized Keys text box. Be sure to click Save after pasting the SSH public key.
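A check that a Control Center admin could run on a submitted public key before pasting it into Authorized Keys, confirming it is an RSA key of at least the 2048 bits required when the Local Manager is in FIPS mode. This is an added example, not Lantronix code: the function names are hypothetical, it assumes the one-line OpenSSH format that ssh-keygen writes to id_rsa.pub, and the sample lines it builds use placeholder moduli and are not usable keys.

```python
import base64
import struct

FIPS_MIN_RSA_BITS = 2048  # minimum RSA size this page gives for FIPS mode


def _read_field(blob, offset):
    """Read one length-prefixed field (SSH string/mpint) from the key blob."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def rsa_public_key_bits(line):
    """Return the modulus size in bits of a one-line OpenSSH ssh-rsa key."""
    parts = line.strip().split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(parts[1], validate=True)  # binascii.Error is a ValueError
    key_type, off = _read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside blob is not ssh-rsa")
    _exponent, off = _read_field(blob, off)
    modulus, off = _read_field(blob, off)
    if off != len(blob):
        raise ValueError("unexpected trailing data in key blob")
    return int.from_bytes(modulus, "big").bit_length()


def acceptable_for_fips(line):
    """True when the key is RSA with at least FIPS_MIN_RSA_BITS bits."""
    return rsa_public_key_bits(line) >= FIPS_MIN_RSA_BITS


def make_sample_line(bits, comment="ajones"):
    """Build a CONSTRUCTED ssh-rsa line of the given size (not a usable key)."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    n = (1 << (bits - 1)) | 1  # placeholder modulus with exactly `bits` bits
    n_bytes = n.to_bytes(bits // 8 + 1, "big")  # leading zero byte, as mpint needs
    blob = field(b"ssh-rsa") + field((65537).to_bytes(3, "big")) + field(n_bytes)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment
```

Pass the contents of the user's public key file to acceptable_for_fips(); a ValueError means the text is not a well-formed one-line ssh-rsa key and should be sent back to the user.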
Log in to the Control Center, navigate to a Local Manager, and click on an SSH applet button.
Upon launching the applet, you may be prompted to confirm that you trust the Control Center certificate and to allow the SSH applet access to your workstation. You must trust the certificate and allow the applet access to your workstation in order to continue.
Once the applet finishes initializing, click the Edit menu selection at the top of the screen and then click Preferences. Select the **Private Key** tab as shown below.
Next, click Browse on the popup menu, browse to and select the private key file, then click Open to set the path as shown below. Finally, click Save to save the path to the private key in a Lantronix cookie in the browser. Close the applet window.
This completes configuration for user ajones - ajones' public key is stored in the Control Center and the path to the private key is stored as a cookie in ajones' browser.
Once the private key has been configured as specified above, the SSH Applet failover feature is configured and active. To use the SSH Applet to access the console port of a managed device, connect to the web interface of the Control Center and navigate to the Inventory page. Select a Lantronix device from the Inventory tree to bring up its Summary page. Launch the Control Center applet by clicking on the SSH button. The applet should establish and authenticate the SSH session without the user having to enter a password.