By bgfrasso - 2/8/2012 3:11:56 AM
Hello,
We have a Unix box that needs programmatic access (SSH) to a file system on a Windows box. We have FortressSSH installed on the Windows box. Can FortressSSH be configured to only authenticate using a public key and no password?
When we try this, we get prompted for a password on the first connection attempt. This is fine for the very first time, but when the password on the account changes we are again prompted to enter the password. Security makes us change the password every 60 days, so we don't want to store passwords. This password prompt becomes difficult for programmatic interfaces.
If we are storing the key from the Unix box in the authorized_keys2 file, why then do we also need to cache a password?
Thanks, Brian
By Technical Support Group (TSG) - 2/8/2012 8:00:38 AM
Hi Brian,
Under Local Server Configuration > Authentication > Password Options, you need to set "Store Passwords" to Never. If you had the Store Passwords option set to something other than "Never", you will need to delete the "PAD" key from the following registry location: HKEY_LOCAL_MACHINE\Software\PragmaSystems\SSHD.
After setting the Store Password to Never, click on the Public Key Options and select the following two features:
1. Store keys in authorized file (auto loads your key into the authorized_keys2 file)
2. Allow authentication from file (authorized_keys2 file)
With the above setup, you will be prompted to enter your password the very first time that you sign on. Your subsequent connections will not be prompted for a password, since the stored key will be used to validate the user and grant access, even if your password changes. However, please note that with the Store Passwords option set to Never, you will NOT be able to access network shares on the Windows machine running Fortress SSH Server. Hope this helps.
Thank you,
Technical Support Group
Pragma Systems, Inc.
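
Added example, not part of the original thread and not Pragma Systems' code: a client-side check for the Unix box that confirms a job logs in by public key and fails instead of hanging on a password prompt. It assumes an OpenSSH client on the Unix side; `batch@winhost` is a placeholder and the sample debug output is constructed.

```shell
#!/bin/sh
# Assumption: the Unix box uses the OpenSSH client. Host and user names are placeholders.

# Make one non-interactive connection attempt and capture the client debug output.
# BatchMode=yes makes ssh fail rather than prompt, so a scheduled job cannot
# hang waiting for a password after the account password changes.
probe_login() {  # usage: probe_login user@host
    ssh -v -o BatchMode=yes -o PreferredAuthentications=publickey \
        -o ConnectTimeout=10 "$1" exit 2>&1
}

# Read `ssh -v` output on stdin and print the method that succeeded,
# or "none" if authentication never succeeded.
auth_method_used() {
    awk '
        /^debug1: Authentication succeeded \(/ {
            m = $0
            sub(/^.*\(/, "", m)   # drop everything up to the opening parenthesis
            sub(/\).*$/, "", m)   # drop the closing parenthesis and the rest
            print m; found = 1; exit
        }
        END { if (!found) print "none" }
    '
}

# Constructed sample: key accepted (not captured from a real server).
sample_key_login() {
cat <<'EOF'
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Authentication succeeded (publickey).
EOF
}

# Constructed sample: key refused, client gives up without prompting.
sample_key_refused() {
cat <<'EOF'
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
EOF
}

# Real use: [ "$(probe_login batch@winhost | auth_method_used)" = publickey ] || exit 1
```

Running the check after each password rotation shows whether the stored key alone still grants access.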