.. _SSH_key_management:

SSH key management
------------------

.. index:: keys;keys create
.. index:: keys;keys add
.. index:: keys;keys send

SSH authentication requires maintaining the system SSH keys.  This can be done as follows:

* **keys create** creates a local SSH keyset
* **keys add <host>** adds the remote host to the known hosts list allowing outgoing connections
* **keys send <user>@<host>** will send the public key from the local SSH keyset to the remote 
  server, thereby enabling remote SSH authentication.

For example, if you wish to perform a backup to a remote host, first create a local key if 
necessary with **keys create**.  Allow communication with the host using **keys add <host>**.
Send the key to the remote host with **keys send <user>@<host>**.

If you select ssh key-based authentication that was set up
without a password, you will be prompted to input the password
when adding a sftp backup host:

::

  platform@VOSS-UN-6:~$ backup add remote sftp://dan@182.59.31.201/sftp
  No password found. Do you want to use sshkeys? [y/N]: y


.. important::

   If the username or password contains any of the following characters:

   ::

      ;|\\$&`!

   then use the backup setup command interactively by choosing "No"  at the prompts
   if SSH Keys are being used and then add the username and password directly.




The certificates are independent of web servers/proxies.

For more details on SSH key-based authentication, refer to OpenSSH documentation.


.. |VOSS Automate| replace:: VOSS Automate
.. |Unified CM| replace:: Unified CM