Moab Access Portal Administrator's Guide - 2.1 SSH Public Key Configuration
2.1 SSH Public Key Configuration
Moab Access Portal® supports secure login by means of SSH key authentication, as opposed to password authentication.
To enable SSH key authentication, set the SSH-KEY-AUTH parameter in map.properties to TRUE.
After activating this features, there are two options or methods of handling this type of authentication:
- Run MAP's servlet engine as root so that MAP can access all users' homedirectories and their SSH keys in the ~/.ssh/ directory.
To run use this method you must enable the SSH-HOMEDIR-ACCESS parameter to tell MAP where it should look to find home directories.
(See the map.properties file for comments related to this.) For example, most systems would use:
SSH-HOMEDIR-ACCESS=/home
as the location of their home directories.
- Copy users' keys who will be using MAP to the {$CFGDIR}/map/ssh/ directory and rename each key
as <USER>_id where <USER> is the username owning the key.
When this is done, ensure that only the user running the servlet engine has permissions to read these files.
After these changes have been made, restart the servlet engine running Access Portal to load in the changes.
|
