Administer Proxy Touchpoints › Proxy Touchpoint Prerequisites › Create an SSH Trust Relationship to the Remote Host

Create an SSH Trust Relationship to the Remote Host

If you want to make public key authentication available for use, create a trust relationship from the proxy touchpoint host to the target remote host. Then, test SSH connectivity from the computer running the proxy touchpoint to the target computer. A trust relationship is created between two host computers.

CA Process Automation uses the public key authentication that you configure only if user/password authentication fails.

To create a trust relationship, use the ssh-keygen program to generate the private and public key pair. The private key stays on the host with the agent. Copy the public key to the target remote host that has no agent.

Follow these steps:

1. Generate a key pair. Use the following command, where user_name is the user name on the SSH user account you created on the target computer.

   ssh-keygen -t dsa -b 1024 -f user_name
   

   You are prompted for a passphrase to use later as a password.

2. Specify the pass phase in response to the prompt.

   The private key file named user_name and the public key file named <user_name>.pub are created.

3. Place the private key file named user_name in either of the following locations:
   • The private keys directory specified in the proxy configuration.

     The key is accessed from this directory with any host for which there is no target_host_name/user_name file.

   • The SshKeys/target_host_name directory, a subdirectory of the private keys directory specified in the proxy configuration. The private key is accessed from this directory when attempting to connect with user_name to target_host_name.

     The SSH Keys Path option specifies the location for the private keys directory in the proxy touchpoint properties dialog.

4. Transfer the public key file (user_name.pub) to the target host and place it where the SSH daemon can find it.

   Different SSH daemons follow different conventions. Examine the ssh-keygen options for details such as formatting requirements for the public key file.

5. For OpenSSH, concatenate the public file to the file which contains authorized keys for the user_name. Run the following cat command on the proxy target SSH host:

   cat user_name.pub >> ~user_name/.ssh/authorized_keys
   

More information:

CA Process Automation-Specific Requirements for SSH Connectivity