Operating System - HP-UX

How can I use a certificate instead of login/password to access HPUX V3 running on blades?

 
NavyYard
Valued Contributor


Hi!

Auditors want to access blade servers using a certificate (CAC) instead of a login ID / password to the server.

 

Is there a way to accomplish this task where auditors can log in to these servers using the certificate on their CAC (Common Access Card)?

 

What kind of additional hardware and software will be required to achieve login with a cert?

 

Please advise.

 

Thanks

3 REPLIES
Ken Grabowski
Respected Contributor

Re: How can I use a certificate instead of login/password to access HPUX V3 running on blades?

You can use ssh-keygen to create an SSH public and private certificate.  Put the private key file in your /home/username/.ssh directory on your target system and put the public file in /home/username/.ssh on your source system(s).  If you are using strict security you will have to get the permissions correct on the file and directory for it to work.  .ssh directory should be 750 or less. The certificate file should be 440 or less.  You may have to adjust it as you test.

 

Now you should be able to use ssh username@targetsystem and connect without a password. If your systems are subject to STIGs you may want to review them to make sure you're staying within compliance.
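
The permission requirement mentioned in the reply above can be checked before testing a key login. The script below is an added example, not part of the original post. It assumes OpenSSH behaviour: sshd with StrictModes rejects a home directory, .ssh directory or authorized_keys file that is writable by group or others, and the ssh client rejects a private key that group or others can access. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit SSH key-file permissions before relying on key login.
# Assumed rules (OpenSSH behaviour, not taken from the thread):
#   - sshd StrictModes refuses keys when the home directory, ~/.ssh or
#     authorized_keys is writable by group or others
#   - the ssh client refuses a private key that group or others can access
# File ownership, which StrictModes also checks, is not examined here.

# has_perm PATH MODE: true when PATH has every permission bit in MODE set
has_perm() {
    [ -n "$(find "$1" -prune -perm -"$2" 2>/dev/null)" ]
}

# writable_by_others PATH: true when group- or world-writable
writable_by_others() {
    has_perm "$1" 020 || has_perm "$1" 002
}

# accessible_by_others PATH: true when any group/other permission bit is set
accessible_by_others() {
    for bit in 040 020 010 004 002 001; do
        has_perm "$1" "$bit" && return 0
    done
    return 1
}

# check_ssh_dir HOME_DIR: prints one line per finding, returns the finding count
check_ssh_dir() {
    home=$1; dir=$home/.ssh; bad=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    for p in "$home" "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        if writable_by_others "$p"; then
            echo "WRITABLE-BY-GROUP-OR-OTHER $p"; bad=$((bad + 1))
        fi
    done
    for key in "$dir"/id_*; do
        case $key in *.pub) continue ;; esac   # public halves may be readable
        [ -f "$key" ] || continue
        if accessible_by_others "$key"; then
            echo "PRIVATE-KEY-EXPOSED $key"; bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Usage: sh check_ssh_perms.sh /home/username
[ "$#" -eq 0 ] || check_ssh_dir "$1"
```

Run it against the user's home directory on each system involved; a non-zero exit status is the number of findings.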

Dennis Handly
Acclaimed Contributor

Re: How can I use a certificate instead of login/password to access HP-UX 11.31 running on blades?

If you look at login(1) there is a mention of:

HP-UX Smart Card Login

 

But I'm not sure how that works?

RenatoMartini
Frequent Advisor

Re: How can I use a certificate instead of login/password to access HP-UX 11.31 running on blades?

Using a smart card (ISO 7816) and digital certificates in the Linux world is relatively easy, because we have middleware (PC/SC), universal drivers for the USB interface, and a set of tools called OpenSC to manage smart cards and crypto tokens.

 

But I don't know if HP-UX has native support for devices like this.

--Renato Martini (Brazil)
http://renatomartini.net
http://www.iti.gov.br