The goal of this section is to guide the reader through how to configure their EnGarde Secure Linux machine for remote access via Secure Shell (SSH). Most day-to-day system administration tasks may be done via Guardian Digital WebTool but, every so often, you need to do something from the command-line.
By the end of this section the reader will have:
Configured their EnGarde Secure Linux machine to accept incoming SSH connections from their PC.
Properly configured the PuTTY SSH client with an SSH key.
Successfully logged into their EnGarde Secure Linux machine via SSH.
Before you can remotely log into your machine you need to create an account to log in with. Using the procedure outlined in the previous section "Creating a Local User," create yourself an account.
Next you must permit access to the SSH service from your IP address or network. Using the procedure outlined in the previous section "System Access Control," permit access to the SSH service from your IP address or network.
Next you must log into the Guardian Digital Secure User Manager to generate and download an SSH key. For simplicity this section will not cover uploading an existing SSH key. If you already have an SSH key please refer to the EnGarde Secure Professional User Manual for assistance.
Begin by logging into the Secure User Manager:
Guardian Digital WebTool runs on port 1023 and the Guardian Digital Secure User Manager runs on port 1022. Make sure you access port 1022 and not port 1023!
Log in using the username and password you created at the beginning of this procedure. Once authenticated, go down to the Generate a New Keypair section and you will see a section like Figure 6-6.
Fill out the information on this page using the suggestions below:
The base filename for the key files. If your machine's hostname is 'snoopy' you may want to just type that into the box. This field is provided so you may have more than one key configured.
Some comment-like text. Enter something like "My key to access snoopy."
The password used to unlock this key. Enter something strong. Your passphrase, unlike a password, may contain spaces and other characters. Enter something like "This is my key and there is no other like it!"
After you enter your passphrase you'll have to enter it a second time for verification.
When you're all done click the Generate Key button. Your machine will then generate a key and bring up a screen where you can download it to your PC. Download this file and store it in a safe place.
Before you can SSH into your machine you need to download an SSH client. This section will cover how to use the PuTTY SSH client for Microsoft Windows, available from the following URL:
Download the putty.exe and puttygen.exe files from the PuTTY website.
The key you downloaded must now be converted for use with PuTTY. Launch the puttygen.exe file, then click the Load button and navigate to the private key file you generated and downloaded in the previous section, Guardian Digital Secure User Manager.
You will be asked for a passphrase to access this key. Enter the passphrase that you used when generating this key. You should then get a popup window stating that the key was successfully imported. The key has now been converted to a format that PuTTY can use. Click on OK.
Now save the converted key, selecting its key type first. Choose SSH-2 DSA as the type in the Parameters section and then click on Save private key in the Actions section. Be sure to choose Save private key and NOT Save public key, as this key is a private key. You will be asked to enter a file name to save this converted key in. Enter some ASCII string followed by .ppk. For this example I will use xp-key-converted.ppk. Click on Save. You can now exit the puttygen program. You should now see the file xp-key-converted.ppk. The key conversion process is now complete.
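To confirm which kind of file you ended up with after the download and conversion steps above, the following Python function reads a key file's text and reports whether it is a PuTTY .ppk private key, an OpenSSH or PEM private key, or a public key, and whether it is passphrase-protected. This is an added example, not part of the original guide or of PuTTY; the function name is hypothetical and the sample file contents are constructed placeholders, not real keys.

```python
import base64

def classify_key(text):
    """Return (kind, passphrase_protected); the flag is None for non-private files."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    first = lines[0] if lines else ""
    if first.startswith("PuTTY-User-Key-File-"):
        # .ppk: "Encryption:" header names the cipher, or "none" if unprotected
        enc = next((ln.split(":", 1)[1].strip() for ln in lines
                    if ln.startswith("Encryption:")), "none")
        return ("putty-ppk-private", enc != "none")
    if first == "-----BEGIN OPENSSH PRIVATE KEY-----":
        # New OpenSSH format: magic string, then a length-prefixed cipher name
        blob = base64.b64decode("".join(lines[1:-1]))
        start = len(b"openssh-key-v1\x00")
        n = int.from_bytes(blob[start:start + 4], "big")
        return ("openssh-private", blob[start + 4:start + 4 + n] != b"none")
    if first.startswith("-----BEGIN ") and first.endswith("PRIVATE KEY-----"):
        # Traditional PEM marks encryption with a Proc-Type header;
        # PKCS#8 marks it in the BEGIN line itself
        enc = "ENCRYPTED" in first or any(
            ln.startswith("Proc-Type: 4,ENCRYPTED") for ln in lines)
        return ("pem-private", enc)
    if first.startswith(("ssh-dss ", "ssh-rsa ")) or \
            first == "---- BEGIN SSH2 PUBLIC KEY ----":
        return ("public", None)
    return ("unknown", None)

# Constructed samples (placeholder bodies, not real keys)
SAMPLE_PPK = """PuTTY-User-Key-File-2: ssh-dss
Encryption: aes256-cbc
Comment: My key to access snoopy.
Public-Lines: 1
AAAA
"""
SAMPLE_PEM = """-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

AAAA
-----END DSA PRIVATE KEY-----
"""
SAMPLE_PUB = "ssh-dss AAAA My key to access snoopy."

if __name__ == "__main__":
    for name, s in [("ppk", SAMPLE_PPK), ("pem", SAMPLE_PEM), ("pub", SAMPLE_PUB)]:
        print(name, classify_key(s))
```

A result of ("putty-ppk-private", True) for the saved .ppk file means the private key was saved and is still protected by its passphrase; a "public" result means the wrong Save button was used.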
Now launch putty.exe. When PuTTY first starts up you will be presented with the PuTTY Configuration dialog shown in Figure 6-7:
Click on Session in the left Category window. Enter the hostname or IP address of your EnGarde Secure Linux machine in the Host Name (or IP address) box in the right-hand window. Make sure Port is set to 22 and Protocol is set to SSH.
Then click on Connection -> SSH -> Auth in the left Category window and you will see a dialog like the one in Figure 6-8. Click on the Browse... button next to the Private key file for authentication box and locate the private key that you converted using puttygen.
When you're all done, click the Open button at the bottom of the PuTTY Configuration dialog box. You will be prompted to accept your machine's host key (click Ok), then you will be prompted to enter your username and then your key's passphrase.
If you are successful you'll be taken to a shell prompt.
PuTTY allows you to save sessions so you don't have to enter your machine's hostname and key every time you want to connect.