SSH PKA List and Configuration

At the top of the page, next to Current Administrator, you find the name of the administrator whose PKA you are configuring.

NetScreen devices support SSH version 1 and version 2. When SSHv1 is enabled on the device, the device expects public keys in the RSA format.

Example of an SSHv1 RSA public key

The SSHv1 RSA public key format appears as follows:

[root@hosta root]# more /root/.ssh/identity.pub
1024 35 1233771452328934178253910492433668519871510726002818295
5387176511058467908491510599871635432445569083501594225
4547610477398572400482654994997914466593206057314139941
5213284116858742449440145391070489628714271283779194390
4151874654047713818180396328611010170770633828282239354
2764506723678861646838812171876591 root@hosta

An RSA public key contains three fields:

  1. Key length: 1024

  2. Exponent: 35

  3. Modulus: 123377145232893417825391049243366851987151072...

When SSHv2 is enabled on the device, the device expects DSA public keys in one of the following formats:

Example of OpenSSH format

The OpenSSH format appears as follows:

ssh-dss AAAAB3NzaC1kc3MAAABBANCJtwOAM6WoMQCu0Sp5UFNXk0xKCo4RP
+HKP82BIYgbaPYOCktFphXbNCx+l4okxXZUUvd5O8WQ5NPk1eoh64UAAAAVAJS94
U/UNSaAO/bSclVQRc1uDmbtAAAAQQC3w0REuQUII/hJRexnqYBkeR/h/mbw+KZHev
HUnDSnxtagUWMLQR+iXFkIahz0A2oQpiI32OHQx7op9YPG15lAAAAQAmQgPtMgxQ
BH/78M53f9ymnXPIfMY/gLhGY6+tG6LIyc/838Nw8KYsiCyGvFPDzuJSViDCbYbM2BSp
MtjYK/JE=
user@location

A public key in the OpenSSH format contains three fields:

  1. Key type name: ssh-dss

  2. Encode key: AAAAB3NzaC1kc3MAAABBANCJtwOAM6WoMQCu0S...

  3. Comment: user@location

Example of IETF SECSH format

The IETF format appears as follows:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "512-bit DSA, converted from OpenSSH by user@host"

AAAAB3NzaC1kc3MAAABBANCJtwOAM6WoMQCu0Sp5UFNXk0xKCo4RP+HKP82BIYgbaPYOCk
tFphXbNCx+l4okxXZUUvd5O8WQ5NPk1eoh64UAAAAVAJS94U/UNSaAO/bSclVQRc1uDmbt
AAAAQQC3w0REuQUII/hJRexnqYBkeR/h/mbw+KZHevHUnDSnxtagUWMLQR+iXFkIahz0A2
+oQpiI32OHQx7op9YPG15lAAAAQAmQgPtMgxQBH/78M53f9ymnXPIfMY/gLhGY6+tG6LIy
c/838Nw8KYsiCyGvFPDzuJSViDCbYbM2BSpMtjYK/JE=

---- END SSH2 PUBLIC KEY ----

A public key in the IETF format contains four fields:

  1. File header marker: ---- BEGIN SSH2 PUBLIC KEY ----

  2. Comment: Comment: "512-bit DSA, converted from OpenSSH by user@host"

  3. Encode key: AAAAB3NzaC1kc3MAAABBANCJtwOAM...

  4. File trailer marker: ---- END SSH2 PUBLIC KEY ----
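
A pre-check for a value before it is pasted into Encode Key, as an added example (not NetScreen code): it parses the OpenSSH and IETF SECSH layouts described above, confirms that the key type stored inside the base64 blob matches the declared one, and reports the DSA modulus length. The function names and the sample key are constructed for illustration; the SSHv1 RSA format is not covered.

```python
import base64, struct
BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def _fields(blob):
    """Split a decoded key blob into its 4-byte-length-prefixed fields."""
    out, off = [], 0
    while off < len(blob):
        n = int.from_bytes(blob[off:off + 4], "big")
        if off + 4 + n > len(blob):
            raise ValueError("truncated key blob")
        out.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    return out

def parse_public_key(text):
    """Parse a one-line OpenSSH or an IETF SECSH DSA public key."""
    lines = [l.strip() for l in text.strip().splitlines()]
    declared, comment, b64 = None, "", ""
    if lines and lines[0] == BEGIN:
        if lines[-1] != END:
            raise ValueError("missing file trailer marker")
        in_header = False
        for l in lines[1:-1]:
            if in_header or ":" in l:         # header line; base64 never contains ':'
                if l.lower().startswith("comment:"):
                    comment = l.split(":", 1)[1].strip().strip('"')
                in_header = l.endswith("\\")  # header continues on the next line
            else:
                b64 += l
    else:
        parts = " ".join(lines).split(None, 2)
        if len(parts) < 2:
            raise ValueError("expected '<type> <base64> [comment]'")
        declared, b64 = parts[0], parts[1]
        comment = parts[2] if len(parts) > 2 else ""
    fields = _fields(base64.b64decode(b64, validate=True))
    ktype = fields[0].decode("ascii", "replace") if fields else ""
    if declared not in (None, ktype):
        raise ValueError(f"declared type {declared!r} != type in blob {ktype!r}")
    if ktype != "ssh-dss" or len(fields) != 5:   # type name, then p, q, g, y
        raise ValueError("not a DSA (ssh-dss) public key")
    bits = int.from_bytes(fields[1], "big").bit_length()
    return {"type": ktype, "bits": bits, "comment": comment}

# Constructed sample with toy numbers (not a usable key); p is 512 bits long.
_s = lambda b: struct.pack(">I", len(b)) + b
_mp = lambda n: _s(n.to_bytes(n.bit_length() // 8 + 1, "big"))
SAMPLE_B64 = base64.b64encode(_s(b"ssh-dss") + _mp((1 << 511) | 1)
                              + _mp((1 << 159) | 1) + _mp(2) + _mp(3)).decode()
SAMPLE_OPENSSH = f"ssh-dss {SAMPLE_B64} user@location"
SAMPLE_SECSH = "\n".join([BEGIN, 'Comment: "512-bit DSA, constructed sample"',
                          SAMPLE_B64[:70], SAMPLE_B64[70:140], SAMPLE_B64[140:], END])
```

A key whose declared type differs from the type inside the blob, or whose blob is cut short by a bad copy and paste, raises ValueError instead of returning a result.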

Admin PKA Configuration

Before you can enter the necessary information in this dialog box, you must first generate a public/private key pair for your management station by running SSH-KEYGEN on an SSH client application. SSH client applications include OpenSSH and SecureCRT. Once the key pair is generated, open the public key file (typically a “.pub” file, but not exclusively) with any text editor.

To Add a New SSH PKA

  1. Copy the SSH key from the public key file and paste it in the box next to Encode Key.

  2. Click Add.

SSH PKA Keys List

The Configured SSH PKA Keys table lists all the PKA keys configured on the NetScreen device for the current administrator. The table displays the ID number, key length, and encode key. When you add a PKA, it automatically gets a unique ID number.

To Remove a PKA

  1. In the Configure column, click Remove for the PKA you want to remove.

A system message prompts you to confirm the removal.

  2. Click OK to continue or Cancel to cancel the action.