This article details the steps to setup SSH access to a PGP Universal Server 2.x using Mac OS X.
A SuperUser Administrator account has the ability to import an SSHv2 public key, the corresponding private key can then be used to authenticate remotely via an SSH session.
This enables an administrator to establish root, command-line access to the PGP Universal Server. Thereby allowing you to perform various administrative tasks that cannot otherwise be performed through server's browser-based administrative interface.
|Warning: Establishing root access to your PGP Universal Server(s) may violate your support warranty with Symantec Corporation, and could lead to system instability. You should not establish root access to your PGP Universal Server(s) unless directed to do so by Symantec Technical Support.|
Use the instructions below to create and import an SSH key for a SuperUser Administrator account when using a Mac.
Since Mac OS X systems include an implementation of OpenSSH, you should not need to install any additional software to create an SSH key.
To Create an SSH key:
- Open the Terminal program.
- Generate an SSH key by typing ssh-keygen -t rsa
When prompted for a location, press Enter to save the key in the default location.
- When prompted, enter and confirm the passphrase to protect the private portion of the key.
- The keys are created in the ~/.ssh/ directory with the keypair named id_rsa and the public key
- Type cd ~/.ssh to switch the directory.
To Import an SSH key:
- Log into the PGP Universal Server administrative interface.
- Click the Users card then select Administrators.
- Select the SuperUser administrator to which you want to add an SSH key.
- Click the Plus sign icon next to SSHv2 Key:. The Update SSH Public Key is displayed.
- In the Terminal window on the Mac, type ls to view all of the files in the cd ~/.ssh directory. The files for the keys created previously are listed.
- type cat id_rsa.pub (or the name you specified for your key). The key block for your key is displayed. The key block similar to the key block below.
- Copy the entire key block.
- On the server in the Update SSH Public Key, select the Import Key Block radio button and paste the key block into the window.
- Click the Import button. Your SSHv2 key is displayed on the SuperUser account.
After importing an SSHv2 key to a SuperUser account, you can access the server via SSH by typing the following:
Then enter the passphrase for your key.
Accessing the PGP Universal Server command line for read-only purposes (such as to view settings, services, logs, processes, disk space, query the database, etc) is supported. However, performing configuration modifications or customizations via the command line may void your Symantec Support agreement unless the following procedures are followed.
Any changes made to the PGP Universal Server via the command line must be:
- Authorized in writing by Symantec Technical Support or published as an approved and documented process on the Symantec Knowledge Base.
- Implemented by a Symantec Partner, reseller or Symantec Technical Support.
- Summarized and documented in a text file in /var/lib/ovid/customization on the PGP Universal Server itself.