by Christian T. Drieling – 10. February 2017

By default SSH on IGEL OS can only be used with a password (or also without a password) but not with you keyfile. To add Keyfile support, you have to manually edit the Thin Client Configuration.

a) Create your private and public key – this can be done on any SSH client e.g. IGEL OS:

  • Add a local terminal to your TC (accessories -> terminals -> add).
  • Start the local terminal and login as root.
  • Use “ssh-keygen” to create both keys. Follow the text instructions. Here you can also add a passphrase to your key for better security.
  • Now you should find the directory “.ssh” and two files in it “id-rsa” and id”_rsa.pub”.

b) Grab the files via UMS file-transfer.

  • In UMS console, right click on your TC -> other Thin Client commands -> File TC to UMS.
  • Thin Client file location is .ssh/id-rsa, in Target URL you can browse for ums_filetransfer and name your file id-rsa. You must do this a second time for rsa.pub.
  • Now you should find both files in INSTALLDIRIGELremotemanagerrmguiserverwebappsums_filetransfer. “id-rsa” is your private key. Keep it save.
  • Rename the file “id_rsa.pub” to “authorized_keys”. Now you can add further public keys from other Users. You will need a separate private key for all user who should be able to connect. You can use an editor like notepad++ to add additional keys to your authorized_keys file.

c) Enroll your public key to other TCs.

  • In UMS console, right click on “Files” in the object tree and chose “new file”.
  • Check “Select file from UMS server” and browse for your authorized_keys file.
  • As classification chose “Undefined” and in Thin Client file location type in /wfs/user/.ssh/authorized_keys.
  • In Access rights check Read/Write/Execute and select “User” as owner.
  • Assign the file to your TCs.

d) As last step you have to enable the SSH service which is disabled by default.

  • In IGEL Setup or UMS Profile go to System -> Remote Access -> SSH and check the “enable” checkbox.
  • Also enable the account “user” in the user access list. Mark “user” and click on the edit symbol. Uncheck the “Deny” checkbox.
  • Save or assign to your TC

More information about configuring SSH you find https://kb.igel.com/igelos-11.07/en/ssh-session-57334622.html

By Udo