Starting Services After Deployment
Physical appliances and private cloud instances include an initial SSH key for the System Admin "ksadmin" to use during launch. After launching, this key must be replaced in order for the CipherTrust Manager to start all of its services and become fully functional.
Replacing the SSH key is a one-time operation during deployment. You cannot replace the key a second time.
Note
If you launched a Virtual CipherTrust Manager from a public cloud such as AWS, Google Cloud, Microsoft Azure, or Oracle Cloud, the SSH key you provided at launch does not need to be replaced.
To replace the SSH key using the GUI
Create an SSH key pair outside of CipherTrust Manager. Your public key must be an RSA key in the OpenSSH format. We recommend RSA 4096, with RSA 2048 as a minimum size for adequate security. The corresponding private key can be OpenSSH, PKCS1, or PKCS8 format.
Browse to the CipherTrust Manager IP address.
If prompted to enter a new SSH Public Key, paste your SSH public key in the box provided and then select Add.
The Log In screen appears, verifying that the SSH key has been successfully replaced.
To replace the SSH key using the CLI
None of the CLI commands shown here require authentication.
Create an SSH key pair outside of CipherTrust Manager. Your public key must be an RSA key in the OpenSSH format. We recommend RSA 4096, with RSA 2048 as a minimum size for adequate security. The corresponding private key can be OpenSSH, PKCS1, or PKCS8 format.
Check if the existing SSH key needs replacement.
Sample Response:
Upload the public key to CipherTrust Manager:
Upon successfully adding an authorized SSH key, the CipherTrust Manager services will start working momentarily.
Check that the services have started.
Sample Response:
To replace the SSH key using the API
None of the API calls shown here require authentication.
Create an SSH key pair outside of CipherTrust Manager. Your public key must be an RSA key in the OpenSSH format. We recommend RSA 4096, with RSA 2048 as a minimum size for adequate security. The corresponding private key can be OpenSSH, PKCS1, or PKCS8 format.
Check if the default SSH key needs to be replaced.
Sample Response:
Upload the new SSH public key.
Check that the services have started.
Sample Response:
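Because the key can be replaced only once, it is worth confirming before upload that the public key is an RSA key in OpenSSH format of at least 2048 bits, as required by the first step of the GUI, CLI, and API procedures. The following Python check is an added example, not part of CipherTrust Manager or its documentation; the function names are hypothetical and the sample keys are constructed placeholders, not usable keys.

```python
import base64
import struct

MIN_BITS = 2048          # minimum size stated on this page
RECOMMENDED_BITS = 4096  # recommended size stated on this page

def _read_field(blob, offset):
    """Read one length-prefixed field (uint32 length, then data)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    end = offset + 4 + struct.unpack(">I", blob[offset:offset + 4])[0]
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def check_public_key(line):
    """Return (ok, modulus_bits, message) for one OpenSSH public key line."""
    parts = line.strip().split()
    if len(parts) < 2:
        return False, 0, "not an OpenSSH public key line"
    if parts[0] != "ssh-rsa":
        return False, 0, "expected key type ssh-rsa, found %s" % parts[0]
    try:
        blob = base64.b64decode(parts[1], validate=True)
        inner_type, pos = _read_field(blob, 0)
        _exponent, pos = _read_field(blob, pos)
        modulus, pos = _read_field(blob, pos)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return False, 0, "malformed key data: %s" % exc
    if inner_type != b"ssh-rsa" or pos != len(blob):
        return False, 0, "key data does not match an ssh-rsa key"
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < MIN_BITS:
        return False, bits, "RSA %d is below the %d-bit minimum" % (bits, MIN_BITS)
    if bits < RECOMMENDED_BITS:
        return True, bits, "accepted, but RSA %d is recommended" % RECOMMENDED_BITS
    return True, bits, "meets the recommended size"

def _constructed_line(bits):
    """Build a structurally valid test line; the modulus is NOT a real key."""
    n = (1 << (bits - 1)) | 1
    fields = [b"ssh-rsa", (65537).to_bytes(3, "big"),
              b"\x00" + n.to_bytes(bits // 8, "big")]
    blob = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    for size in (1024, 2048, 4096):
        print(size, check_public_key(_constructed_line(size)))
```

To check a real key, pass the single line from the .pub file to check_public_key() before pasting or uploading it.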
Accessing the System before Services are Started
If you want to access the system before the services have been started, you can use the hard-coded SSH key. The default key is shown below:
Note
This default key can be replaced via cloud-init.