Cisco Web Security Appliance

How do I setup the SCP log push user key with an SSH Tectia 4.0 server?

Document ID: 117992

Updated: Jul 17, 2014

Contributed by Josh Wolfer and Siddharth Rajpathak, Cisco TAC Engineers.



How do I setup the SCP log push user key with an SSH Tectia 4.0 server?


Cisco Web Security Appliance (WSA), all versions of AsyncOS.


Note: This Knowledge Base article references software which is not maintained or supported by Cisco. The information is provided as a courtesy for your convenience. For further assistance, please contact the software vendor.

The following information regarding the SSH Tectia server was obtained from (Page 51-52).

  1. Copy the user key that is provided when setting up SCP as the log pushing mechanism.
    1. In the GUI, 'System Administration' tab > 'Log Subscriptions' > 'Accesslogs'.
    2. In the CLI, 'logconfig'.
  2. After clicking 'submit' (or finishing the 'logconfig ' CLI command), you will be presented with the user public key.
  3. Take this key text and save it into a file on the SSH Tectia server.
    1. Please note that the text should be on a single line. If there are carriage returns in the key, please remove them before saving.
    2. The location to save the file is: ~/.ssh2/<public_key_filename>.
    3. This must be in the home directory of the user that you wish to authenticate using this key.
  4. Create the following file: ~/.ssh2/authorization.
    1. The file should consist of the following information:
      Key <public_key_filename>
    2. This will tell your SSH Tectia server to use the following key for authentication of the corresponding user.

Note: On standard Linux / Unix servers, you will need to copy and paste the SSH key into a file named ~/.ssh/authorized_keys. This is in the home directory for the user you wish to authenticate as.

Updated: Jul 17, 2014
Document ID: 117992