IBM Support

How to connect to Guardium appliance with cli user without password via SSH using public key authentication

How To


Summary

In order to connect to a Guardium appliance as the cli user via public key authentication, a key pair must be created and the public key must be added on the Guardium appliance.

Steps

Creating a new SSH key-pair
First, a key-pair must be created:
  1. Run the following command to create a new key-pair:
    ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
    This creates a new key, using the provided email as a label.
    Generating public/private rsa key pair.
  2. When prompted for the file in which to save the key, press Enter to accept the default location:
    Enter file in which to save the key (/Users/<user>/.ssh/id_rsa):
  3. Enter a secure passphrase at the next prompt:
    Enter passphrase (empty for no passphrase):
  4. Start the ssh-agent in the background:
    eval "$(ssh-agent -s)"
    Agent pid 62478
    Note: If you are using macOS Sierra 10.12.2 or later, you will need to modify ~/.ssh/config to automatically load keys into the ssh-agent and store passphrases in your keychain:
    Host *
      AddKeysToAgent yes
      UseKeychain yes
      IdentityFile ~/.ssh/id_rsa
  5. Add the newly created private key to the ssh-agent:
    ssh-add ~/.ssh/id_rsa
    Note: On macOS, also include the -K option. The -K option is part of Apple's standard version of ssh-add and stores the passphrase in your keychain when you add an SSH key to the ssh-agent. If you specified a different file in step 2, replace id_rsa with that filename.
Adding the public key in Guardium
  1. Connect to the Guardium appliance as the cli user:
    ssh cli@guardium_host
  2. Add the newly created public key:
    store system public key authorized
    Paste the contents of the public key at the prompt:
    Please paste the SSH public key content here. Then press <ENTER> to continue.
    The following message will be displayed when the key is added successfully:
    Key for your_email@example.com is added
    ok
  3. The following command can be run to show the newly added public key:
    show system public key authorized
    your_email@example.com
    ok
  4. You can now connect to the Guardium appliance using public key authentication:
    ssh cli@guardium_host
    IBM Guardium, Command Line Interface (CLI)
    
    Last login: Fri Feb 14 19:03:45 2020 from 9.160.121.146
    Welcome cli - your last login was Fri Feb 14 19:03:46 2020
    guardium_host>
    Note: If you specified a filename other than the default id_rsa, you will need to use the -i option when running the ssh command to specify the location of the private key, e.g.:
    ssh -i ~/.ssh/different_key_name cli@guardium_host
    
    IBM Guardium, Command Line Interface (CLI)
    
    Last login: Fri Feb 14 19:03:45 2020 from 9.160.121.146
    Welcome cli - your last login was Fri Feb 14 19:03:46 2020
    guardium_host>
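
The following pre-paste check is an added example, not IBM's or Guardium's own code: it validates the text you are about to paste at the `store system public key authorized` prompt by confirming it is a single-line ssh-rsa public key (not the private key), reading the modulus size from the key blob, and returning the comment and SHA256 fingerprint. The function names, the 4096-bit minimum (mirroring `-b 4096` above) and the sample key are assumptions; the sample is constructed and is not a usable RSA key.

```python
import base64, hashlib, struct

def _read_string(buf, off):
    """Read one SSH wire-format string (uint32 length + bytes)."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def check_public_key(text, min_bits=4096):
    """Validate the text to be pasted at the Guardium prompt; return its details."""
    if "PRIVATE KEY" in text:
        raise ValueError("this is a private key; paste the .pub file instead")
    lines = [l for l in text.splitlines() if l.strip()]
    if len(lines) != 1:  # terminal copy/paste often wraps the long base64 field
        raise ValueError("expected exactly one line (key may have been wrapped)")
    fields = lines[0].split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    comment = fields[2].strip() if len(fields) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    inner_type, off = _read_string(blob, 0)
    if key_type != "ssh-rsa" or inner_type != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key as created by 'ssh-keygen -t rsa'")
    _e, off = _read_string(blob, off)   # public exponent
    n, off = _read_string(blob, off)    # modulus
    if off != len(blob):
        raise ValueError("trailing bytes after the modulus")
    bits = int.from_bytes(n, "big").bit_length()
    if bits < min_bits:
        raise ValueError(f"modulus is {bits} bits, expected at least {min_bits}")
    fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"bits": bits, "comment": comment, "fingerprint": "SHA256:" + fp}

def constructed_sample(bits=4096, comment="your_email@example.com"):
    """Build a syntactically valid line for the demo; NOT a usable RSA key."""
    def mpint(v):
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")  # room for a sign byte
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

if __name__ == "__main__":
    print(check_public_key(constructed_sample()))
```

The returned fingerprint can be compared with the output of `ssh-keygen -lf ~/.ssh/id_rsa.pub` on the workstation, and the returned comment with the label Guardium reports when the key is added.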

Document Location

Worldwide

Business Unit: IBM Software w/o TPS
Product: IBM Security Guardium
Component: appliance; authentication
Platform: Linux
Version: 10.5; 10.6; 11.0; 11.1
Line of Business: Security Software

Document Information

Modified date:
19 May 2020

UID

ibm12495355