When you use key-based authentication to access Edges, a pair of SSH keys is generated: a public key and a private key.

The public key is stored in the database and is shared with the Edges. The private key is downloaded to your computer, and you can use this key along with the SSH username to access Edges. You can generate only one pair of SSH keys at a time. If you need to add a new pair of SSH keys, you must delete the existing pair and then generate a new pair. If a previously generated private key is lost, you cannot recover it from the Orchestrator. You must delete the key and then add a new key to gain access. For details about how to delete SSH keys, see Revoke SSH Keys.

Based on their roles, users can perform the following actions:
  • All users, except users with Operator Business or Business Specialist account roles, can create and revoke SSH keys for themselves.
  • Operator Super users can manage SSH keys of other Operator users, Partner users, and Enterprise users, if the Partner user and Enterprise user have delegated user permissions to the Operator.
  • Partner Super users can manage SSH keys of other Partner users and Enterprise users, if the Enterprise user has delegated user permissions to the Partner.
  • Enterprise Super users can manage the SSH keys of all the users within that Enterprise.
  • Super users can only view and revoke the SSH keys for other users.
    Note: Enterprise and Partner customers without SD-WAN service access cannot configure or view SSH key-related details.

To add an SSH key:

Procedure

  1. In the Enterprise portal, click the User icon that appears at the top-right side of the window. The User Information panel appears.
  2. Click Add SSH Key. The Add SSH Key pop-up window appears.
  3. Select one of the following options to add the SSH key:
    • Generate Key—Use this option to generate a new pair of public and private SSH keys. Note that the generated key gets downloaded automatically. The default file format in which the SSH key is generated is .pem. If you are using a Windows operating system, ensure that you convert the file format from .pem to .ppk, and then import the key. For instructions to convert .pem to .ppk, see Convert Pem to Ppk File Using PuTTYgen.
    • Import Key—Use this option to paste or enter the public key if you already have a pair of SSH keys.
  4. In the PassPhrase field, you can choose to enter a unique passphrase to further safeguard the private key stored on your computer.
    Note: This is an optional field and is available only if you have selected the Generate Key option.
  5. In the Duration drop-down list, select the number of days after which the SSH key must expire.
  6. Click Add Key.

What to do next

Ensure that you enable secure Edge access for the Enterprise and switch the authentication mode from Password-based to Key-based. See Enable Secure Edge Access for an Enterprise.
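
A local check for the private key file described in the procedure above, added here as an example and not part of the Orchestrator or its documentation: it reports whether a .pem private key is passphrase-protected and whether its file permissions grant access to other accounts. It assumes a POSIX system and a key in OpenSSH, PKCS#8, or legacy PEM format (the page does not state which one the Orchestrator produces); the sample key text is constructed and is not a usable key.

```python
import base64, os, stat, struct, tempfile

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def is_passphrase_protected(pem_text):
    """True if the PEM private key is encrypted at rest, False if stored in the clear."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ") and "PRIVATE KEY" in lines[0]):
        raise ValueError("not a PEM private key")
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # encrypted PKCS#8
        return True
    if any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines):  # legacy PEM
        return True
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("bad OpenSSH key container")
        off = len(OPENSSH_MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"  # cipher name; "none" = no passphrase
    return False  # plain PKCS#1 / PKCS#8 / SEC1 body

def audit_key_file(path):
    """Return a list of findings for a private key file on a POSIX system."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append("mode %04o grants group/other access; use chmod 600" % mode)
    with open(path) as fh:
        if not is_passphrase_protected(fh.read()):
            findings.append("private key has no passphrase")
    return findings

def fake_openssh_key(cipher):
    """Constructed container holding only the header fields; not a usable key."""
    body = base64.b64encode(OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher)
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + body.decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

def audit_sample(pem_text, mode):
    """Write constructed key text to a temp file with the given mode and audit it."""
    fd, path = tempfile.mkstemp(suffix=".pem")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(pem_text)
        os.chmod(path, mode)
        return audit_key_file(path)
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(audit_sample(fake_openssh_key(b"none"), 0o644))
```

To check a real key, call `audit_key_file()` with the path of the downloaded .pem file; an empty list means neither problem was found.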