This article describes the process of installing or replacing SSH keys for PGP administrators in the PGP Encryption Server console.
Direct access to the server is heavily restricted. The only supported method of access is to install a key into a super-user administrator profile within the PGP Encryption Server console, and then specify that key during an SSH connection.
Environment
PGP 11.5 and older
Resolution
For details on how to create the keys used for SSH, please see the following article:
Once keys are created, you can install them into existing administrators in the console. To do this:
For 11.x and newer, open the PGP Encryption Server console and load the old console using the Globe/Lock button at the top right, then sign in.
Once in the grey OMC console, go into System > Administrators, and click on the name of a Super-User administrator you wish to use for sign in.
Click the Plus Sign (+) at the right of the new window, and upload your key.
Note: You can upload the public key file itself, or copy and paste the key block that PuTTYgen displayed when the key was generated. If one doesn't import, try the other method. For more information, see the article link at the beginning of this section.
Once imported, you'll see the key string appear in the field on the previous window. Be sure to click Save at the bottom right of this window once the key string appears, or the key will not be added.
Now that the key is uploaded to the user, you can connect via SSH to the server.
NOTE: If you wish to rotate this key for a user, you can click the Circle/Slash button to the right of the SSHv2 Key and remove the key, and follow the procedure again to upload a new key. Again, be sure to click Save after doing so while viewing the user profile with the changes made.
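The upload step above accepts the key either as the saved public key file or as the pasted key block. The following Python is an added example, not part of the original article or the product: it reads both forms, confirms they carry the same key, and returns a fingerprint you can record before uploading or rotating. It assumes the saved file uses the RFC 4716 "SSH2 PUBLIC KEY" format and the pasted block is the one-line OpenSSH format; the sample key is constructed filler, not a usable key, and all function names are illustrative.

```python
import base64
import hashlib

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def key_blob(text):
    """Return (declared algorithm or None, raw key blob) from either key form."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if lines and lines[0] == BEGIN:  # RFC 4716 block, as in a saved public key file
        if lines[-1] != END:
            raise ValueError("missing END marker")
        body, in_header = [], False
        for ln in lines[1:-1]:
            in_header = in_header or ":" in ln  # e.g. a Comment: header
            if not in_header:
                body.append(ln)
            in_header = in_header and ln.endswith("\\")  # header continues
        return None, base64.b64decode("".join(body), validate=True)
    parts = text.split()  # one-line form: "algorithm base64 [comment]"
    if len(parts) < 2:
        raise ValueError("unrecognised public key format")
    return parts[0], base64.b64decode(parts[1], validate=True)

def fingerprint(text):
    """Return (algorithm, OpenSSH-style SHA256 fingerprint) of a public key."""
    declared, blob = key_blob(text)
    n = int.from_bytes(blob[:4], "big")  # blob starts with a length-prefixed name
    if not 0 < n <= len(blob) - 4:
        raise ValueError("truncated key blob")
    algo = blob[4:4 + n].decode("ascii")
    if declared not in (None, algo):
        raise ValueError("algorithm label does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return algo, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def ssh_string(data):
    """Encode bytes as an SSH wire string: 4-byte big-endian length, then data."""
    return len(data).to_bytes(4, "big") + data

# Constructed sample, not a usable key: ssh-rsa layout with filler modulus bytes.
BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + b"\xc3" * 256)
SAMPLE_B64 = base64.b64encode(BLOB).decode()
PASTED_LINE = "ssh-rsa " + SAMPLE_B64 + " constructed-sample"
CHUNKS = [SAMPLE_B64[i:i + 64] for i in range(0, len(SAMPLE_B64), 64)]
SAVED_FILE = "\n".join([BEGIN, 'Comment: "constructed-sample"', *CHUNKS, END])

if __name__ == "__main__":
    print(fingerprint(PASTED_LINE) == fingerprint(SAVED_FILE))
```

Record the fingerprint of each key you install so that, after a rotation, you can tell which key an administrator profile currently holds.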
A common way to connect to the server is by using PuTTY and setting up a profile. Here is an example of a profile you can set up:
In Session, fill out the Host Name with root@hostname. Even though you associated the key with a user in the console, you'll still use root as the user in the SSH connection.
Then in the left column, expand Connection, then SSH, then Auth, and click on Credentials. Click the Browse button and select the private .ppk file of the SSH key. Note: The place where you select the private key in PuTTY may be different depending on the PuTTY version.
Go back into Session in the left column, and give a name to the connection profile (PGPConnection in the first PuTTY example) and then click Save. It should create an entry with that name in the list.
You can now double-click the entry in the Saved Sessions list, or click Load while it's highlighted, to start the SSH connection. It will prompt you for a passphrase if your generated SSH key was made with a passphrase (recommended). This will be the passphrase given to the key, not the PGP Encryption Server administrator's passphrase.
Once the passphrase is entered, you are brought to a command prompt and access is established.