Skip to Content

Different types of SSH authentication keys

What are the various types of SSH authentication keys used in Ezeelogin?


Overview: This article describes the various types of SSH authentication keys used in Ezeelogin, including Ezeelogin Public Keys, and Cluster Keys, with their respective roles in server access and user management.


1. Ezeelogin Public Key (Global key).

Ezeelogin’s public key or global key is the SSH public key used by the Gateway server to access the remote servers. 

The private key corresponding to the public key is encrypted and stored in Ezeelogin and cannot be retrieved.

The private key for the global key is located at /usr/local/etc/ezlogin/id_key and the public key is located at /usr/local/etc/ezlogin/id_key.pub which is also visible in Ezeelogin software GUI under Servers -> Global Key. Global key which was created at the time of Ezeelogin installation supports ed25519, ecdsa, dsa, and rsa keys that can be regenerated. You can also use a custom key pair during installation only.

The global key supports ed25519, ecdsa, DSA, and RSA key types starting from the Ezeelogin version 7.37.9

Refer to the article to upgrade to the latest version.

The maximum supported private key size would be 4192 bits.

2. Ezeelogin Cluster Key.

Cluster keys in Ezeelogin serve dual purposes serving both as the means for communication between master-slave servers through SSH and also as the keys utilized for adding users in Ezeelogin. These keys are organized such that the private key is located at /usr/local/etc/ezlogin/id_clkey, with its corresponding public key residing at /usr/local/etc/ezlogin/id_clkey.pub. Ezeelogin cluster keys only support the RSA format. Cluster keys can be regenerated which will be also in RSA format.


KEY USAGE IN EZEELOGIN

1. SERVER ADD KEYS

  • ADD SERVER USING SSH KEY PAIR

    You can provide the SSH Private key (the corresponding public key should be added to the user authorized_keys of the remote server you are trying to add) which helps you to SSH to the server without a password. Refer to the detailed article to add a server using the SSH key pair in Ezeelogin.
  •   KEY MANAGEMENT

You can add the custom key in key management under the Servers tab >> Key ManagementOn adding the custom private keys in Key management, we can later select the private key while adding a server. Refer to the 3rd step in the below article.


2. USER SSH KEYS

  •  UNMANAGED SUBSSH USER

    You can set up key-based authentication for unmanaged SubSSH users by specifying the private key and passphrase of the SubSSH user. Ensure that the corresponding public key is added to the SubSSH user's authorized key file on the remote server. Refer detailed article below.
  • PASS THROUGH USER

    You can configure key-based authentication for pass-through users by providing the private key and passphrase of the pass-through user. Make sure to add the corresponding public key to the pass-through user's authorized key file on the remote server. Refer to the detailed article below.
  • Custom key for passwordless authentication for gateway user

SSH gateway users can add their SSH public Keys for passwordless authentication to access the ezsh shell (Ezeelogin backend shell). To enter your public keys,  press the F2 key in the Ezeelogin shell. These keys can be of any type and will be added to the authorized_keys file of the gateway user at /home/ezeelogin_user/.ssh/authorized_keys. This allows users to access the shell without being prompted for a password. Refer to the below article for more details.

3. SERVER IMPORT KEYS

  • To import servers from a CSV file with a custom key, add private keys along with passphrases in the Key Management section under Servers tab >> Key Management. Refer to the 2nd part of the below article.