sysconf ssh publickey

View or configure SSH public keys.

To add, list, delete, or clear public keys, see my public-key.

Once you enable public key authentication for an administration computer, the private SSH key (/root/.ssh/id_rsa) must be protected, and access to that computer must be restricted and password-protected. Anyone who can log into that computer can log into the Luna Network HSM 7 appliance without knowing the LunaSH admin password!
Use sysconf ssh regenKeyPair (and send the resulting new key(s) to your client(s)) when commissioning a new network HSM appliance or redeploying one that was used elsewhere.

CAUTION!   Always [re-]generate new/fresh public keys for your Luna Network HSM 7 HSM appliance SSH access, and trade with clients as appropriate, before you place the appliance in service or after any security incident that might compromise SSH access. Consider doing this whether you normally use public-key authentication or prefer password authentication - the point is to minimize potential attack surfaces at the appliance administration level. See sysconf ssh publickey.

Syntax

sysconf ssh publickey

disable
enable

Argument(s) Shortcut Description
disable di Disable SSH public key authentication. See sysconf ssh publickey disable.
enable e Enable SSH public key authentication. See sysconf ssh publickey enable.