Configuring Servers to use Device Keys

Lee Painter

There is nothing special about your device keys other than the private key being stored exclusively on the mobile phone. Therefore, in order to authenticate, you must have the Desktop Agent software running, just as you might use the standard ssh-agent command-line program to hold your keys temporarily so that you do not have to enter the passphrase every time you SSH.

Automatic Setup

It is now possible to configure the server to trust any key in your gateway account. This requires installing some scripts and some configuration similar to that of the authorized_keys file; however, this is a one-time-only operation. If your keys change, each server that trusts the gateway is able to obtain your updated keys and provide you with a seamless login service as you rotate your keys regularly.

This will require that you can set up new packages on the server. If you cannot do this, you can ask the Server Administrator if they will install the scripts for you.

See Installing Automated Key Server Scripts

Manual Setup

You can manually set up any server to accept your key by placing your public keys in your ~/.ssh/authorized_keys file.

You can download your public keys individually from your key listing on the gateway service and use them to configure access to your servers.

You can also run the authorizedKeys command on any desktop that you have installed the Desktop Agent on. Simply copy over the key(s) you want to use to your ~/.ssh/authorized_keys file on any server you want to access.
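The manual step above as a shell function (an added example, not part of the original page or of the gateway's own tooling): it merges a file of downloaded public keys into authorized_keys, skips duplicates and malformed lines, and sets the file modes that sshd's default StrictModes check expects. The function name install_keys and the input file name are assumptions.

```shell
#!/bin/sh
# Added example: merge public keys into authorized_keys (install_keys is a
# hypothetical helper, not part of the Desktop Agent or gateway tooling).
# Usage: install_keys KEYFILE [AUTH_FILE]; prints the number of keys added.
install_keys() {
    keyfile=$1
    auth=${2:-"$HOME/.ssh/authorized_keys"}
    dir=$(dirname "$auth")

    # With StrictModes (the sshd default) a group- or world-writable
    # ~/.ssh or authorized_keys is refused, so set tight modes first.
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    [ -e "$auth" ] || ( umask 077; : > "$auth" ) || return 1
    chmod 600 "$auth" || return 1

    added=0
    while read -r type blob comment || [ -n "$type" ]; do
        case $type in
            ''|'#'*) continue ;;                      # blank line or comment
            ssh-ed25519|ssh-rsa|ecdsa-sha2-*|sk-*) ;; # public key types
            *) echo "skipped: unrecognised key type '$type'" >&2; continue ;;
        esac
        case $blob in
            ''|*[!A-Za-z0-9+/=]*)
                echo "skipped: malformed $type key" >&2; continue ;;
        esac
        # De-duplicate on the exact key blob, ignoring comments and options.
        if awk -v b="$blob" '!/^#/ { for (i = 1; i <= NF; i++) if ($i == b) f = 1 }
                             END { exit !f }' "$auth"; then
            continue
        fi
        printf '%s %s%s\n' "$type" "$blob" "${comment:+ $comment}" >> "$auth"
        added=$((added + 1))
    done < "$keyfile"
    echo "$added"
}

# Run directly: sh install_keys.sh downloaded_keys.pub
if [ "$#" -ge 1 ]; then install_keys "$@"; fi
```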