Skip to Content

Set SSH Key Expiry for the gateway users

How to set SSH Key Expiry for the gateway users and force to rotate the public keys?


Overview: This article helps to configure SSH key of the gateway users to expire after a specific number of days from GUI. This setting allows you to set an expiration period for SSH keys, after which the keys will no longer be valid for authentication. Users will then need to log in using a password.


 

 


Step 1:  To set user SSH key lifetime, navigate to  Settings -> General -> Authentication -> Set User SSH key lifetime. Below Screenshot says that the SSH key will expire in 1 day. 

A value of 0 means that SSH keys will never expire.

Refer : How to add ssh public key for passwordless authentication in ssh

Step 2:  After a designated period has passed and the key for the specified user has expired, key-based authentication for logging into ezsh will fail. However, the gateway user will still be able to login to backend(ezsh) using password authentication.

The following is an expired SSH key, with its expiration determined by the date configured in the web GUI. When adding a key, users can view its expiration date by pressing the F2 or # key.




How to add a new key via WebSSH if the user's existing key has expired?

Step 1: Login to web GUI as the gateway user whose SSH key has been expired and click on the WebSSH icon

Step 2: Once web ssh console is open press "F2" or "#" on your keyboard which will take you to the section where you can manage SSH public keys. 

Step 3: Enter the SSH public key of the gateway user into the designated field and press "Enter" to confirm and save it. The key will then be used for authentication.

Step 3: Log in to ezsh, and the gateway user will be able to authenticate using the key.


Related articles:

How to add ssh public key for passwordless authentication in ssh

Is it possible to add more than one SSH public key to ezeelogin?

Different types of SSH authentication keys