BoKS' sshd allows logins that authenticate with certificates. One option is to use certificates produced by BoKS' internal CA, but you can also use certificates from an external CA. This article describes how to set that up from the command line.
Note: You need to use BoKS SSH Client for Windows for certificate login.
1. Transfer the external CA certificate chain files to the Master and register them one by one using the command cacreds set.
cacreds set -f CAfile.cer -c VERIFY
2. Transfer the user certificate file to the Master.
3. To connect the certificate with a user, you need a string that is unique to this certificate. You can obtain it with the command mapcert keys:
mapcert keys -c usercert.cer
MD5 mapkey = "g0WiZAN/8aBoOol/4EPcyw=="
uuid = "firstname.lastname@example.org"
4. Now the certificate can be mapped to a BoKS user using either the MD5 mapkey (option -k) or the uuid (option -K):
mapcert set -u HOSTGROUP:user -k "g0WiZAN/8aBoOol/4EPcyw=="
mapcert set -u HOSTGROUP:user -K "email@example.com"
Mappings can be listed using: