Question
How do I set up the SCP log push user key with an SSH Tectia 4.0 server?
Environment
Cisco Web Security Appliance (WSA), all versions of AsyncOS.
Solution
Note: This Knowledge Base article references software which is not maintained or supported by Cisco. The information is provided as a courtesy for your convenience. For further assistance, please contact the software vendor.
The following information regarding the SSH Tectia server was obtained from http://www.ssh.com/support/documentation/all/server/4.0/ (Page 51-52).
- Copy the user key that is provided when setting up SCP as the log pushing mechanism.
- In the GUI, 'System Administration' tab > 'Log Subscriptions' > 'Accesslogs'.
- In the CLI, 'logconfig'.
- After clicking 'submit' (or finishing the 'logconfig' CLI command), you will be presented with the user public key.
- Take this key text and save it into a file on the SSH Tectia server.
- Please note that the text should be on a single line. If there are carriage returns in the key, please remove them before saving.
- The location to save the file is: ~/.ssh2/<public_key_filename>.
- This must be in the home directory of the user that you wish to authenticate using this key.
- Create the following file: ~/.ssh2/authorization.
- The file should consist of the following information:
  Key <public_key_filename>
- This will tell your SSH Tectia server to use the following key for authentication of the corresponding user.
Note: On standard Linux / Unix servers, you will need to copy and paste the SSH key into a file named ~/.ssh/authorized_keys. This is in the home directory for the user you wish to authenticate as.
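
The SSH Tectia steps above as a shell function, added here as an example and not taken from the Cisco or SSH Tectia documentation. The function name, the sample key and the `chmod` permissions are assumptions; the function also extends an existing `authorization` file instead of overwriting it.

```shell
#!/bin/sh
# Added example: install a WSA SCP log-push public key for SSH Tectia 4.0.
# install_tectia_key HOME_DIR KEY_FILENAME KEY_TEXT
#   HOME_DIR      home directory of the account the WSA authenticates as
#   KEY_FILENAME  name for the key file under ~/.ssh2 (your choice)
#   KEY_TEXT      key text as shown by the WSA after 'submit' / 'logconfig'
install_tectia_key() {
    home_dir=$1; key_name=$2; key_text=$3
    ssh2_dir="$home_dir/.ssh2"
    auth_file="$ssh2_dir/authorization"

    # Refuse names that would escape ~/.ssh2 or break the 'Key' line.
    case "$key_name" in
        ''|*/*|*' '*) echo "invalid key filename: $key_name" >&2; return 1 ;;
    esac

    # Strip carriage returns and line feeds so the key is a single line.
    one_line=$(printf '%s' "$key_text" | tr -d '\r\n')
    [ -n "$one_line" ] || { echo "empty key text" >&2; return 1; }

    mkdir -p "$ssh2_dir" || return 1
    printf '%s\n' "$one_line" > "$ssh2_dir/$key_name" || return 1

    # Add 'Key <filename>' once; keep entries already in the file (assumption:
    # an existing authorization file should be extended, not overwritten).
    touch "$auth_file" || return 1
    grep -qxF "Key $key_name" "$auth_file" ||
        printf 'Key %s\n' "$key_name" >> "$auth_file" || return 1

    # Assumption (general SSH hygiene, not from the article): owner-only access.
    chmod 700 "$ssh2_dir" && chmod 600 "$ssh2_dir/$key_name" "$auth_file"
}

# Constructed sample (not a real key), wrapped with CRLF as pasted text might be.
SAMPLE_KEY=$(printf 'ssh-dss AAAAB3NzaC1kc3MA\r\nCONSTRUCTEDSAMPLE root@wsa.example')
```

Run it as the account that will receive the logs, for example `install_tectia_key "$HOME" wsa_push.pub "$(cat pasted_key.txt)"`, where both file names are placeholders.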