To gain command line access to an Encryption Management Server you will need to connect using SSH (Secure Shell) with key-based authentication. You can do this from Windows using an SSH client such as PuTTY.
You can create a key using PuTTYgen.
The latest stable release of PuTTY and PuTTYgen can be downloaded from here. There is also a command line SCP (Secure Copy Protocol) client called pscp that you may find useful for transferring files. There are 32-bit and 64-bit versions of each utility.
This article details how to utilize PuTTYgen and PuTTY to connect to Encryption Management Server.
Accessing the server command line for read-only purposes (such as to view settings, services, logs, processes, disk space, query the database, etc.) is supported. However, performing configuration modifications or customizations via the command line may void your Symantec Support agreement unless the following procedures are followed.
Any changes made to the server using the command line must be:
Authorized in writing by Symantec Technical Support or published as an approved and documented process on the Symantec Knowledge Base.
Implemented by a Symantec Partner, reseller or Symantec Technical Support.
Summarized and documented in a text file in /var/lib/ovid/customization on the Encryption Management Server itself.
Note: Changes made through the command line may not persist through reboots and may be incompatible with future releases. Symantec Technical Support may also require reverting any custom configurations on the server back to a default state when troubleshooting new issues.
Symantec Encryption Management Server 3.3.2 MP13 and above.
Create an SSH key pair using PuTTYgen
Confirm the Parameters (at the bottom of the PuTTY Key Generator window) for the type of key to generate. The defaults of RSA 2048 bits are suitable.
Create a key pair by clicking on the Generate button in the Actions section. Generate some randomness for the key by moving the mouse over the blank area.
After the key generation is complete, right click in the area called Public key for pasting into OpenSSH authorized_keys file and choose Select All, then right click and choose Copy to place the public key block on the clipboard.
Log in as a user with SuperUser role permissions to the Encryption Management Server administration console.
Click on System / Administrators and click on the name of an account with a role of SuperUser. Note that keys can only be added to users with the SuperUser role.
Click the + button on the right of the SSHv2 Key field. This will open the Update SSH Public Key page.
Click the Import Key Block radio button and paste the public key block from the clipboard. Then click the Import button.
After you import the key, the fingerprint of the key appears in the SSHv2 Key field. You can verify that this fingerprint matches the fingerprint shown in the Key fingerprint field in PuTTYgen.
Click Save to save the changes to the user.
Optionally, in PuTTYgen enter a passphrase for the private key. You will be prompted for this passphrase each time you SSH to the Encryption Management Server.
In PuTTYgen, click on the Save private key button to save the private key. PuTTYgen uses the *.ppk file extension for private keys.
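The fingerprint comparison in the import step can also be done independently of both tools by computing the fingerprint from the public key block itself. The following is an added example, not part of the original article or of Symantec's tooling: it parses an OpenSSH-format public key line and returns the key size plus both the MD5 (colon-separated hex) and SHA-256 (base64) fingerprint forms, since which form a tool displays depends on its version. The names fingerprints and sample_line are hypothetical, and the sample key is constructed for illustration.

```python
import base64
import hashlib
import struct


def _read_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + size > len(blob):
            raise ValueError("field runs past the end of the key blob")
        fields.append(blob[pos:pos + size])
        pos += size
    return fields


def fingerprints(pubkey_line):
    """Return (key_type, rsa_bits, md5_fp, sha256_fp) for one public key line."""
    parts = pubkey_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob = parts[0], base64.b64decode(parts[1], validate=True)
    fields = _read_fields(blob)
    if not fields or fields[0] != key_type.encode():
        raise ValueError("key type inside the blob does not match the prefix")
    bits = None
    if key_type == "ssh-rsa" and len(fields) == 3:  # fields: type, e, n
        bits = int.from_bytes(fields[2], "big").bit_length()
    # Both fingerprints hash the decoded blob only; the comment is not covered.
    md5_hex = hashlib.md5(blob).hexdigest()
    md5_fp = ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2))
    digest = hashlib.sha256(blob).digest()
    sha256_fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return key_type, bits, md5_fp, sha256_fp


def _mpint(n):
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")  # top bit stays clear
    return struct.pack(">I", len(raw)) + raw


def sample_line():
    """Constructed 2048-bit test value; structurally valid, not a usable key."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint((1 << 2047) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-example"
```

Pass fingerprints() the single line copied from the PuTTYgen public key box and compare the result with the value shown in the SSHv2 Key field; a truncated or altered paste raises ValueError instead of producing a fingerprint.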
SSH to Encryption Management Server using PuTTY
Use the following steps to connect to Encryption Management Server using SSH:
Enter the Encryption Management Server FQDN or IP address in the Host Name (or IP address) field. For example, keys.example.com.
Confirm that the Port field is set to the default of 22 and the Connection type field is set to the default of SSH.
Under the Category section on the left of the application window, expand SSH and click on Auth.
Click on the Browse button and select the *.ppk private key file that you created using PuTTYgen.
Under the Category section on the left of the application window, click on Session.
Enter a name for the connection in the Saved Sessions field and click the Save button to save the connection. For example, keys.
Click the Open button to connect to Encryption Management Server.
When prompted for the username, enter root.
The first time you log in a security warning will appear. Click Yes to continue.
If you saved the private key with a passphrase, you will be prompted for it.
To quit your SSH session enter exit.
To open a saved session in PuTTY, simply double click on the name of a saved session.
Imported Document ID: TECH149673