
censhare authentication with private/public key

For system user login (server to server login), there is a private/public key process with a signed token as an alternative to password authentication.


Introduction

https://infohub-author.censhare.com/download/attachments/15931568/KeyAuthentication.jpeg?version=1&modificationDate=1624268137744&api=v2



Note: RSA is the only supported key algorithm.

Public key naming

The keys are managed via keytool. For more information, see Java's keytool documentation.

Follow a naming convention @_ _ is optional.


The following client types are valid:

    javaclient
    javaadmin
    javarender
    webclient
    webtunnel
    service-client
    online-channel
    remote-server
    shelladmin
    client

Example

    master server CSS_ID = master
    remote server CSS_ID = remote

Remote Server

Prepare everything on the master server and sync to remote server:

  1. Create a keypair for the authentication:

    Bash
    keytool -genkeypair -alias system@remote-server -keyalg RSA -keysize 2048 \
      -keystore ~/cscs/app/config/keystore -storepass corpus \
      -validity 36500 -dname "CN=system, OU=Remote-Server, O=censhare AG, L=MUC, S=BY, C=DE"
    


  2. Sync to remote server:

    Bash
    rsync -axz --delete ~/cscs/app/config/ corpus@remote-server:cscs/app/config
    


  3. Restart censhare-Server on each host:

    Bash
    censhare.rc restart
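
A check that can be run on the master server before the sync in step 2, given here as an added example and not censhare's own tooling: it confirms that a keystore alias uses one of the client types listed above and that its entry is an RSA private key entry. The function names, the alias layout (name@client-type with an optional _suffix, taken from the alias in step 1) and the constructed keytool output are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not censhare code): checks on a key-auth keystore entry.

# Client types this page lists as valid.
VALID_TYPES="javaclient javaadmin javarender webclient webtunnel service-client online-channel remote-server shelladmin client"

# alias_ok ALIAS: succeeds if ALIAS is name@client-type with an optional
# _suffix (layout assumed from the page's example alias).
alias_ok() {
  local a=$1 name ctype t
  case $a in *@*) ;; *) return 1 ;; esac
  name=${a%%@*}
  ctype=${a#*@}
  ctype=${ctype%%_*}                 # drop the optional _suffix
  [ -n "$name" ] || return 1
  for t in $VALID_TYPES; do
    [ "$t" = "$ctype" ] && return 0
  done
  return 1
}

# entry_ok ALIAS: reads `keytool -list -v` output on stdin and succeeds only
# if ALIAS is a PrivateKeyEntry whose public key is RSA. Assumes English
# keytool output that includes the "Subject Public Key Algorithm" line.
entry_ok() {
  awk -v want="$1" '
    /^Alias name: /                        { cur = substr($0, 13); next }
    cur != want                            { next }
    /^Entry type: PrivateKeyEntry/         { priv = 1 }
    /Subject Public Key Algorithm: .*RSA/  { rsa = 1 }
    END { exit !(priv && rsa) }'
}

# Constructed sample of `keytool -list -v` output (not from a real keystore).
SAMPLE='Alias name: system@remote-server
Entry type: PrivateKeyEntry
Subject Public Key Algorithm: 2048-bit RSA key

Alias name: system@webclient
Entry type: PrivateKeyEntry
Subject Public Key Algorithm: 256-bit EC (secp256r1) key'

# Real use: keytool -list -v -keystore ~/cscs/app/config/keystore | entry_ok system@remote-server
for a in system@remote-server system@webclient system@ftp-server; do
  if alias_ok "$a" && printf '%s\n' "$SAMPLE" | entry_ok "$a"; then
    echo "OK    $a"
  else
    echo "FAIL  $a"
  fi
done
```

When `-storepass` is omitted, keytool prompts for the store password, which keeps it out of the shell history and the process list.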