SSH Certificate Authentication
You can enable certificate-based authentication on a target host with one of the following methods:
- Run the PrivX host-deployment script on the target host: Script-Based Certificate-Authentication Setup
- Manually set up OpenSSH server and allowed principals on the target host: Manual Certificate-Authentication Setup
To use certificate-based authentication for SSH connections, hosts serving as connection endpoints (target hosts) must run an SSH server that supports OpenSSH certificates. The minimum required version depends on the chosen authentication method. For additional information about the supported authentication methods, see Supported Authentication Methods.
Authentication Method | Required SSH version |
---|---|
Certificate authentication with shared accounts | OpenSSH 5.6 or later |
Certificate authentication with login-as-self (Directory account type) | OpenSSH 6.9 or later |
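To check a target host against the table above, the following added example (not part of the PrivX documentation or tooling) parses an OpenSSH version banner and reports which certificate-authentication methods the version supports. The function names and the output labels `shared-accounts` and `login-as-self` are made up for this example, and it assumes the banner has the usual `OpenSSH_<major>.<minor>` form.

```shell
#!/bin/sh
# Added example: map an OpenSSH version banner to the certificate-authentication
# methods listed in the table (5.6+ for shared accounts, 6.9+ for login-as-self).
# Function names and output labels are hypothetical, chosen for this example.

# Extract "MAJOR.MINOR" from a banner such as
# "OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022".
# Prints nothing if the banner does not contain an OpenSSH version.
openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/^.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1.\2/p' |
        head -n 1
}

# Return 0 if version $1 (MAJOR.MINOR) is at least version $2.
# Components are compared as integers, so 10.0 correctly ranks above 6.9.
version_at_least() {
    have_major=${1%%.*}; have_minor=${1#*.}
    need_major=${2%%.*}; need_minor=${2#*.}
    [ "$have_major" -gt "$need_major" ] && return 0
    [ "$have_major" -eq "$need_major" ] && [ "$have_minor" -ge "$need_minor" ]
}

# Print the methods from the table that the given banner supports.
supported_methods() {
    ver=$(openssh_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
        return 1
    fi
    if version_at_least "$ver" 6.9; then
        echo "shared-accounts login-as-self"
    elif version_at_least "$ver" 5.6; then
        echo "shared-accounts"
    else
        echo "none"
    fi
}

# Usage on a target host (ssh -V prints the client banner; this assumes the
# server was installed from the same OpenSSH release):
#   supported_methods "$(ssh -V 2>&1)"
```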
Determine which PrivX roles can access the host, and the target users that those roles are allowed to log in as.