Public-Key Authentication

  1. Obtain the public key of the role you want to authorize. To do this, go to Administration→Roles and Edit the role, then under Principal keys, copy one of the public keys.

    If the role does not have any keys, you will need to Generate Principal Key or Import Principal Key, then copy the resulting public key.

  2. Authorize the public key to the target user on the target host. In OpenSSH, for example, this is done by appending the public key to the authorized_keys file, typically located at ~/.ssh/authorized_keys.

    All the members of the role should now be able to connect to the target user with public-key authentication.

  3. Ensure the authorized_keys file and its parent directories have correct permissions and ownership. Running the following commands sets the file and folder permissions:

    $ chmod 0700 ~/.ssh/
    $ chmod 0644 ~/.ssh/authorized_keys

  4. Verify that login to the target user works without a password. If login does not work, review the syslog files from the target server. The syslog file that contains SSHD login error information varies per Linux/Unix system and syslog setup. Below are some example commands to search for SSH login error information:

    # grep sshd /var/log/messages
    # grep sshd /var/log/auth
    # grep sshd /var/log/secure
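
Steps 2 and 3 can be scripted so that the key is appended only once and the resulting paths are audited. The following is an added example, not part of the product documentation: the function names authorize_key, check_ssh_perms and demo are hypothetical, the key is a placeholder, and the audit assumes OpenSSH's StrictModes behaviour (owner must be the user or root, no group or world write), which also covers the home directory.

```shell
#!/bin/sh
# Added example: authorize a key idempotently, then audit the path chain
# (home, ~/.ssh, authorized_keys) for the problems sshd StrictModes rejects.

# authorize_key HOME_DIR PUBKEY_LINE: append the key unless already present.
authorize_key() {
    home=$1 key=$2
    mkdir -p "$home/.ssh" && touch "$home/.ssh/authorized_keys" || return 1
    chmod 0700 "$home/.ssh" && chmod 0644 "$home/.ssh/authorized_keys" || return 1
    grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
}

# check_ssh_perms HOME_DIR [UID]
# Prints one line per problem; returns 0 when the chain is clean.
check_ssh_perms() {
    home=$1 uid=${2:-$(id -u)} bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; bad=1; continue
        fi
        # -perm -020 / -002 match when the group-write / world-write bit is set
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "group/world writable: $p"; bad=1
        fi
        # owner must be the target user or root (uid 0)
        if [ -n "$(find "$p" -prune ! -user "$uid" ! -user 0)" ]; then
            echo "wrong owner: $p"; bad=1
        fi
    done
    return "$bad"
}

# Constructed demo on a throwaway directory standing in for the user's home.
demo() {
    d=$(mktemp -d) || return 1
    authorize_key "$d" "ssh-ed25519 AAAA_PLACEHOLDER_NOT_A_REAL_KEY role-key"
    check_ssh_perms "$d" && echo "OK: $d"
    chmod 0666 "$d/.ssh/authorized_keys"
    check_ssh_perms "$d" || echo "rejected after chmod 0666"
    rm -rf "$d"
}
demo
```

On a real host, run check_ssh_perms against the target user's home directory, passing that user's numeric UID as the second argument when running as root.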
