Managing Key Pair Authentication

IT Asset Management (Cloud)
Private-public key pair authentication for SSH can be more secure than password authentication, but you should follow these general guidelines when managing your key pairs:
  • Keep the private key private. Do not store it in a public location.
  • Always save it with a well-chosen passphrase.
  • Be aware that although Password Manager, when using the default FlexNet Beacon vault, keeps a duplicate of the private key file (in an encrypted form), the original is still required if you need to reconfigure Password Manager.

As an additional security step, OpenSSH offers a from option (written as from="pattern-list" in front of the public key) that lets you add extra details to the public key, limiting the hosts from which the public key will work. Note that this may render the target device inaccessible if the network configuration of the inventory beacon changes. To mitigate this, you can include additional hosts in the list, or create another private-public key pair to allow access in this circumstance. See the OpenSSH documentation for further details.
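To check before a network change whether the inventory beacon would still pass a from restriction, the following added example (not Flexera or OpenSSH code) parses an authorized_keys entry and evaluates its from pattern list against a client address and hostname. It is a simplified model of OpenSSH pattern-list matching (wildcards, CIDR, ! negation); the sample entry, addresses, hostname and key blob are constructed.

```python
import ipaddress
import re

def split_options(line):
    """Split the leading options field on commas that sit outside double quotes."""
    opts, cur, quoted = [], "", False
    for i, ch in enumerate(line):
        if ch == '"' and line[i - 1:i] != "\\":
            quoted = not quoted
        elif not quoted and ch == " ":
            break  # the first unquoted space ends the options field
        elif not quoted and ch == ",":
            opts.append(cur)
            cur = ""
            continue
        cur += ch
    return opts + [cur]

def from_patterns(line):
    """Return the from= pattern list of one authorized_keys line, or None if absent."""
    for opt in split_options(line.strip()):
        name, _, value = opt.partition("=")
        if name.lower() == "from":  # option keywords are case-insensitive
            return value.strip('"').split(",")
    return None

def pattern_matches(pattern, addr, host):
    """Match one pattern (CIDR, or text with * and ? wildcards) against addr/host."""
    if "/" in pattern:  # CIDR form: address/masklen
        try:
            return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    rx = re.escape(pattern.lower()).replace(r"\*", ".*").replace(r"\?", ".")
    return any(re.fullmatch(rx, x.lower()) for x in (addr, host) if x)

def allowed(line, addr, host=""):
    """True if a client at addr/host passes the entry's from= restriction.

    Needs at least one matching pattern, and any matching !pattern rejects.
    """
    patterns = from_patterns(line)
    if patterns is None:
        return True  # no from= option: the key works from any host
    negs = [p.startswith("!") for p in patterns if pattern_matches(p.lstrip("!"), addr, host)]
    return bool(negs) and not any(negs)

# Constructed sample entry (documentation addresses, placeholder key blob).
SAMPLE = 'from="10.20.0.15,beacon*.example.com,192.0.2.0/28,!192.0.2.9" ssh-ed25519 AAAAC3ConstructedKeyBlob beacon-inventory'
```

Calling allowed(SAMPLE, new_address, new_hostname) with the beacon's planned address shows whether the target device would become unreachable with that key after the change.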

Testing key pair credentials

If you want to test SSH credentials, you need two programs: an SSH client and an SSH agent. The SSH client attempts to obtain key pair values from the SSH agent. If key pair authentication fails, the client falls back to prompting for a password.
Table 1. Suitable test programs for OpenSSH and PuTTY

| Key format | SSH client | SSH agent | Testing notes |
|---|---|---|---|
| OpenSSH | ssh | ssh-agent | Use ssh with high verbosity to see which methods of authentication are enabled in the authentication process. |
| PuTTY | PuTTY.exe | Pageant | You can adjust settings in PuTTY.exe to enable or disable the Pageant and keyboard-interactive (password) authentication types during authentication tests. |
