To gain command line access to an Encryption Management Server you will need to connect using SSH with key based authentication.
One of the most popular open source SSH applications for Windows is PuTTY. In addition to the SSH application, it includes a command line SCP (Secure Copy Protocol) client for transferring files and an application for generating keys.
Windows 10 version 1803 and above and Windows Server 2019 and above include OpenSSH for Windows. It comprises a command line SSH and SCP utility as well as a command line utility for generating keys. This, therefore, is an alternative to PuTTY.
Note that if you regularly transfer files to Encryption Management Server, the open source WinSCP application is recommended. It is described in article 157406.
This article details how to use PuTTY or OpenSSH for Windows to connect to Encryption Management Server.
Accessing the server command line for read-only purposes (such as to view settings, services, logs, processes, disk space, query the database, etc) is supported. However, performing configuration modifications or customizations via the command line may void your Broadcom support agreement unless the following procedures are followed.
Any changes made to the server using the command line must be:
Important Notes: Installing third-party applications, or using customized scripts outside of written/contractual approvals/agreements is not supported. Symantec Encryption Management Server is scanned for security and is considered a locked box. As a result, SEMS is considered a secure device and making changes to the system could introduce security-related issues, therefore installing any third-party software is highly discouraged and is not supported. For more information on this topic, see article 206673.
Changes made through the command line may not persist through reboots and may be incompatible with future releases. Broadcom Technical Support may also require reverting any custom configurations on the server back to a default state when troubleshooting new issues.
Symantec Encryption Management Server 3.4 and above.
If you make regular SSH connections to Encryption Management Server and/or connect to multiple servers, PuTTY is recommended because it is a Windows application and allows you to save your sessions.
If you rarely connect to Encryption Management Server and/or do not wish to install PuTTY, the OpenSSH for Windows command line utilities will fulfil your requirements.
Encryption Management Server only supports key based authentication using SSH so whichever method you use there is some intial work required to create a key pair and import the public key into Encryption Management Server.
The latest stable release of PuTTY can be downloaded from here. The installation package includes a Windows application called PuTTYgen for creating keys, the PuTTY SSH application itself and a command line SCP client called pscp that you may find useful for transferring files. There are 32-bit and 64-bit versions available.
Download PuTTY and install it in the normal way, accepting all the default settings.
In attempting to connect to the Symantec Encryption Management Server via SSH, you receive an error:
"Unable to load private key file...Putty key format too new" and "Disconnected: No supported authentication methods available (server sent: publickey)"
Some of the newer versions of Puttygen create keys in a "version 3" format. SEMS works great with Version 2. To fix this, open PuttyGen for your key, and then click the Key Top Menu, and "Parameters for saving key files...":
In the screenshot above, check the PPK file version to "2", and click OK. Now re-export the key you generated and the key can now be used for SEMS.