
To securely use SSH to access Asset Manager with a locally accessible private key, follow this process:

Before You Begin

Verify that tools such as PuTTY, WinSCP, PuTTYgen, or a terminal are installed on your workstation.

User Authentication via SSH

You will need to access a PKI-enabled Command Center via SSH to work in the CLI of a CAC-enabled Asset Manager system.

Certificate files you will need for SSH Authorization

  1. Workstation Public Key
  2. Workstation Private Key

Obtain RSA Key Pair

  • Using ssh-keygen
    You can generate the key pair using the ssh-keygen command-line tool or an application like PuTTYgen.
    • On the workstation you will use to access Asset Manager, use the ssh-keygen command to generate your RSA private and public keys.



  • Using PuTTYgen
    You can generate the key pair using an application like PuTTYgen.
    1. Open PuTTYgen and select Generate KeyPair.
    2. Save the private key in a secure location on your machine.
    3. Copy the string for the public key (it starts with ssh-rsa) and save it as a Rich Text file using WordPad. When saving, give the filename a .pub extension; for example, user1-public-key.pub. This is your public key file. Note: do not use Notepad, as the file will contain extra line breaks when converted to UNIX format.

Convert RSA Key Pair Files in the Correct Format

No file conversion is needed for SSH access if you generated the key pair with ssh-keygen or PuTTYgen. Other key-pair generation applications may require format conversion.
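A pre-upload check for the public key file described above, as an added example that is not part of the original page or the product's tooling. It confirms the file is a single ssh-rsa line whose base64 data parses as an RSA public key, which catches stray line breaks of the kind the Notepad note warns about. The function names and the sample key (constructed, not a real key) are assumptions for illustration.

```python
import base64
import struct


def _read_field(buf, pos):
    """Read one length-prefixed field: uint32 big-endian length, then bytes."""
    if pos + 4 > len(buf):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", buf[pos:pos + 4])
    end = pos + 4 + length
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[pos + 4:end], end


def check_public_key_file(data):
    """Return (ok, detail) for the raw bytes of a .pub file before upload."""
    text = data.decode("ascii", errors="replace").strip("\r\n")
    if "\n" in text or "\r" in text:
        return False, "key is split across multiple lines"
    fields = text.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        return False, "line does not start with 'ssh-rsa <base64>'"
    try:
        blob = base64.b64decode(fields[1], validate=True)
        key_type, pos = _read_field(blob, 0)   # algorithm name
        _exponent, pos = _read_field(blob, pos)  # public exponent e
        modulus, pos = _read_field(blob, pos)    # modulus n
    except ValueError as exc:  # also covers invalid base64
        return False, f"key data is damaged: {exc}"
    if key_type != b"ssh-rsa" or pos != len(blob):
        return False, "key blob is not a well-formed ssh-rsa key"
    bits = int.from_bytes(modulus, "big").bit_length()
    return True, f"ssh-rsa key, {bits}-bit modulus"


def _field(value):
    return struct.pack(">I", len(value)) + value


# Constructed sample, NOT a real key: e = 65537, modulus = 2**2047 + 1.
_N = (1 << 2047) + 1
_BLOB = (_field(b"ssh-rsa") + _field(b"\x01\x00\x01")
         + _field(b"\x00" + _N.to_bytes(256, "big")))
SAMPLE_PUB = b"ssh-rsa " + base64.b64encode(_BLOB) + b" user1@workstation\n"

if __name__ == "__main__":
    print(check_public_key_file(SAMPLE_PUB))
```

To check a real file, pass the bytes read from it, for example the contents of user1-public-key.pub opened in binary mode.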

Installing the SSH RSA Public Key

  1. Using the GUI

    1. Select Settings > Users > Manage PKI.
    2. Select a user under User ID.
    3. Select SSH Key under Certificate Type.
    4. Verify that the Install radio button is selected.
    5. Drag and drop, or browse to, the user's public key file in the “Upload an SSH Key” box and click Submit.


  2. Using the CLI

    1. Upload the SSH public key to the Lumeta system, noting the file name and the Lumeta directory path where it was saved.
    2. Run the following command on the CLI to install the public key:
    certificate ssh install /pathto/file/"filename" <user name>

Enable PKI

Enable PKI through the GUI if this has not been done already.

  1. Select Settings > Asset Manager Systems > System Information panel > PKI.
  2. Switch the Require user certificate key to enabled.
  3. You will need to acknowledge and verify the result of requiring a user certificate for non-PKI users. To proceed, click Enable PKI.

Accessing Command Center via PuTTY

You can now access the Command Center from your workstation. Below is an example of how to do so via PuTTY.

  1. Open PuTTY and, in the configuration, go to Connection > SSH > Auth and select the private key under Private key file for authentication. Add the host information and save the session.
  2. PuTTY will use the public-private key pair to authenticate.  It should not prompt you for a password unless a password has been set on the private key.





