New Xton Documentation Center
Xton help has moved. Please visit the current version of this page for the most recent updates. Our new documentation center can be found at help.xtontech.com.

Using Public Key Authentication with native SSH Applications for Secure Sessions

XTAM’s SSH Proxy supports native SSH applications such as SSH Shell, PuTTY, Secure CRT, MobaXTerm, ssh.com and others. It lets users establish high-trust connections to remote servers with a personal account (managed by Microsoft AD, eDirectory or XTAM itself) without knowing the actual (shared or privileged) account on the destination server. XTAM’s SSH Proxy can connect to remote servers using either user/password or private/public key authentication, as supported by the remote server for this account.

Using the private key authentication mechanism when connecting to remote SSH servers:

  • Simplifies access
  • Promotes automation
  • Reduces the number of passwords
  • Increases overall network security

XTAM can use your existing Public/Private key pair, or it can generate a new pair for you. If you already have a Public/Private key pair that you would like to use with XTAM’s SSH Proxy, read the next section to enable it. If you would like XTAM to generate a new Public/Private key pair for use with the XTAM SSH Proxy, jump to the second section.

For XTAM System Administrators managing these keys, please visit the section at the bottom of this page for available options.


 
 

To enable using your existing Public/Private Key Pair

Only RSA generated keys are currently supported.

1. Log in to your XTAM user account and navigate to Management > My Profile > Preferences.

2. For the Ssh2 Public Key parameter, click the Import button and select the Public Key file (*.pub) from your pair.

3. Your public key will now be imported to your XTAM user profile and can be used to authenticate with the private key from this pair.

XTAM SSH Proxy - Existing Public Key Authentication
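Because only RSA keys are accepted, it is worth checking a `.pub` file before importing it. The following check is an added example, not XTAM code: it assumes the file is in OpenSSH one-line or RFC 4716 ("SSH2 PUBLIC KEY") form, the function names are hypothetical, and the 2048-bit minimum is this example's own policy rather than a documented XTAM requirement.

```python
import base64
import struct

def _read_string(buf, off):
    # RFC 4251 "string": 4-byte big-endian length, then that many bytes.
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def key_blob(text):
    """Return the binary key blob from OpenSSH one-line or RFC 4716 text."""
    lines = [l.strip() for l in text.splitlines() if l.strip()] or [""]
    if lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        body, in_header = [], False
        for l in lines[1:]:
            if l.startswith("---- END"):
                break
            if in_header or ":" in l:      # header line, or its continuation
                in_header = l.endswith("\\")
                continue
            body.append(l)
        return base64.b64decode("".join(body), validate=True)
    fields = lines[0].split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    return base64.b64decode(fields[1], validate=True)

def check_public_key(text, min_bits=2048):
    """Report (ok, algorithm, modulus_bits) for a public key file's text."""
    blob = key_blob(text)
    algo, off = _read_string(blob, 0)
    algo = algo.decode("ascii", "replace")
    if algo != "ssh-rsa":                  # page: only RSA keys are supported
        return (False, algo, None)
    _e, off = _read_string(blob, off)      # public exponent
    n, off = _read_string(blob, off)       # modulus
    bits = int.from_bytes(n, "big").bit_length()
    return (bits >= min_bits, algo, bits)  # min_bits is this example's policy

def sample_line(algo, *fields):
    """Build a constructed (non-functional) public key line for the demo."""
    raw = b"".join(struct.pack(">I", len(f)) + f for f in (algo.encode(),) + fields)
    return f"{algo} {base64.b64encode(raw).decode()} constructed@example"

if __name__ == "__main__":
    rsa = sample_line("ssh-rsa", b"\x01\x00\x01", b"\x00\xc3" + b"\x11" * 255)
    print(check_public_key(rsa))
    print(check_public_key(sample_line("ssh-ed25519", b"\x07" * 32)))
```

For a real file, pass its contents: `check_public_key(open("id_rsa.pub").read())`.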


 
 

To enable using XTAM generated Public/Private Key Pair

1. Log in to your XTAM user account and navigate to Management > My Profile > Preferences.

2. For the Ssh2 Public Key parameter, click the Generate button.

3. Choose the parameters for your public key generation and then click the Select button.

4. Your public key will now be generated. This process may take several seconds to complete, so please do not refresh your browser during this time. Once the public key is generated, you will receive a Success dialog. Click the OK button to continue.

5. Your browser will automatically prompt you to download the Private Key (*.pem). Download and save your private key file to a safe location.

The private key is generated in .pem format. You may need to convert this format to another in order to use it in your SSH application (PuTTY’s *.ppk format for example) or to assign a key comment or passphrase.

XTAM SSH Proxy - XTAM Generated Public/Private Key Pair Authentication
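To confirm that a downloaded private key is stored safely and has had a passphrase assigned, the file can be audited locally. This is an added example, not part of XTAM: the function names are hypothetical, the permission check assumes POSIX file modes, and it recognises PKCS#1, PKCS#8 and OpenSSH private key encodings.

```python
import base64
import os
import stat

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def pem_is_encrypted(text):
    """Return True if the private key text is passphrase-protected."""
    lines = [l.strip() for l in text.strip().splitlines()] or [""]
    label = lines[0].strip("-").replace("BEGIN ", "", 1)
    if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8, encrypted
        return True
    if label == "PRIVATE KEY":                # PKCS#8, unencrypted
        return False
    if label == "RSA PRIVATE KEY":            # PKCS#1: encryption shows as a header
        return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:])
    if label == "OPENSSH PRIVATE KEY":        # cipher name follows the magic bytes
        raw = base64.b64decode("".join(lines[1:-1]))
        if not raw.startswith(OPENSSH_MAGIC):
            raise ValueError("bad OpenSSH key header")
        start = len(OPENSSH_MAGIC) + 4
        size = int.from_bytes(raw[start - 4:start], "big")
        return raw[start:start + size] != b"none"
    raise ValueError("unrecognised key label: " + label)

def audit_private_key(path):
    """List problems with how a private key file is stored (POSIX modes)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:04o}: accessible beyond the owner")
    with open(path, encoding="ascii") as fh:
        if not pem_is_encrypted(fh.read()):
            findings.append("no passphrase on the private key")
    return findings

if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, audit_private_key(p) or "ok")
```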

 
 

To disable using any Public/Private Key Pair

1. Log in to your XTAM user account and navigate to Management > My Profile > Preferences.

2. For the Ssh2 Public Key parameter, click the Delete button.

3. Click the OK button on the Delete Public Key confirmation dialog.

4. Your Public Key is now removed from your XTAM account SSH Proxy authentication.
 

Note for all users using keys: if your key has expired or has been blocked by a System Administrator, you will no longer be able to use it to authenticate. To confirm your key’s current status, navigate to your Preferences (Management > My Profile > Preferences).

  • For blocked keys, the value in your SSH Public Key parameter will be crossed out (strike-through font)
  • For expired keys, the value in your SSH Public Key Created parameter will be crossed out (strike-through font)

Please talk with your XTAM System Administrator for further information and assistance.

 

Note that XTAM stores only public keys in the user’s profile of the XTAM vault. The keys are not stored in the back end user directory (such as Active Directory).

 


 
 

System Administrator Key Management Options

 

To Expire Keys

1. Log in to XTAM with your System Administrator account and navigate to Administration > Settings > Parameters > SSH Proxy Public Key Expiration.

2. Enter a value (in days) after which these keys expire. Leave this parameter blank or empty to disable expiration.

3. Click the Save button.

 

To Block a User’s ability to authenticate with their key

1. Log in to XTAM with your System Administrator account and navigate to Reports > Users.

2. Click the Columns dropdown menu and select the option labeled SSH Key. This column will display each user’s Public Key creation date. If a user does not have a key associated with their account, it will be empty.

3. Locate the User that you wish to block in this report, open the Action menu for their account and select the option Block SSH Key.

4. Click OK on the confirmation dialog prompt.

Blocked user SSH Keys will be shown with their key creation date crossed out.

 

To Unblock a User’s ability to authenticate with their key

1. Log in to XTAM with your System Administrator account and navigate to Reports > Users.

2. Click the Columns dropdown menu and select the option labeled SSH Key. This column will display each user’s Public Key creation date. If a user does not have a key associated with their account, it will be empty.

3. Locate the User that you wish to unblock in this report, open the Action menu for their account and select the option Unlock SSH Key.

4. Click OK on the confirmation dialog prompt.

The user’s SSH Key creation date will now be shown without the crossed out font.

 

Additional System Administrator or Auditor Information

  • Audit Log events are created for the generation, uploading and deletion of users’ SSH Public Keys.
  • Audit Log events are created for the blocking and unblocking of a user’s key.
  • The Users report SSH Key column (hidden by default) will display the creation date of the user’s key with four states:
    • Empty or blank: This user does not have a key associated with their account.
    • Normal font: This user has a key associated with their account that is not blocked and has not expired. Example: 06/15/2017 00:00:00
    • Strike-through font: This user has a key associated with their account and their key is blocked. Example: 06/15/2017 00:00:00
    • Italic font: This user has a key associated with their account and their key has expired. Example: 06/15/2017 00:00:00

 
 

Copyright © 2020 Xton Technologies, LLC. All rights reserved.