0

How To: Provision to a Windows server when SSH is used for connection

Applies to:

All Trust Protection Platform versions

 

Subject:

Some of the Venafi provisioning drivers are using SSH as a connection medium.

However, these application can be found running on Windows server.

To enable an SSH connection on a Windows server, a third party application must be installed.

Venafi Trust Protection Platform has been tested against copSSH v1.4.3 or Tectia Server v6, however, informal testing has been done with Cygwin.

This articles will cover the use of Cygwin to enable SSH, and then use an Apache application as an example.

 

Instructions:

IMPORTANT: Those steps are for information only. It is the administrator responsibility to make sure this implementation adheres to the company security policy.

Installing Cygwin

  1. Download Cygwin for your correct Windows OS version from the Cygwin website
  2. Start the Cygwin install wizard
  3. During the wizard select a Download site

  4.  Once all package list downloaded, select the below OpenSSH packages to be installed

  5. Click Next and complete the installation

Enabling OpenSSH for remote connection

  1. Open the Cygwin Terminal
  2. Type the command:
    ssh-host-config

  3. Answer all questions as they best fit your environment
  4. Once complete, you should have this screen

  5. Make sure to open port 22 on the server firewall if applicable

Configuring User access

  1. Log on as the user who is going to provision
  2. Start Cygwin Terminal
  3. Type the command
    ssh-user-config
  4. Follow all prompts

Configuring the Apache application in WebAdmin

  1. Create a device, and enter the hostname / IP address
  2. Create a username credential, this user will be the one created in teh above section. Note the username is case sensitive.
  3. Create an Apache application
  4. Associate a certificate
  5. Set the private key file path, certificate file path, and chain path


    Note: when using Cygwin, when writing files to the folder C:\apache2\ssl, the path is /cygdrive/c/apache2/ssl/

  6. Save
  7. Click push to provision
  8. The certificate should now be provisioned

 

More Information

https://support.venafi.com/hc/en-us/articles/215915067-5-Application-Objects


 

0 comments

Please sign in to leave a comment.