Public Keys
Public Keys are cryptographic credentials used to verify the identity of remote components during SSH handshakes in USP. They work in conjunction with Private Keys and are essential for establishing trust between USP components and external clients.
In the context of USP and the proxy process, public keys are used in the following places to verify remote identities during SSH handshakes:
| Public Key Location | Purpose | Counterpart (Private Key Location) |
|---|---|---|
| External Incoming Connection (not in USP) | Public key used by an external client to verify the USP Server's identity during the SSH handshake. | Private Key is configured in the Inbound Node (as its Host Private Key). |
| Account | Public key used by the USP Server to authenticate external clients. | Private Key is held by the external incoming connection. |
| USP Client | Public key used by the USP Client to authenticate the USP Server Tunnel. | Private Key is configured in the USP Server's Tunnel (as its Private Key). |
| Proxy Client | Public key used by the USP Server to authenticate the USP Client. | Private Key is configured in the USP Client's .hcl file under the key parameter. |
| Internal Target (not in USP) | Public key used by the internal target to verify the USP Server's identity. | Private Key is configured in the Rule (as its Private Key for Outbound Connection). |
For more information on where and how Public Keys are used, refer to Keys.
Public Key Administration via USP Admin UI
Adding a Public Key
To add a Public Key, follow these steps:
- From the Sidebar, click Authentication > Keys.
- Click Public Key.
- Click Add Public Key.
- Complete the details for the new Public Key using the Field Descriptions table as a guide.
- Click Save.
Field Descriptions
| Name | Description | Specifications | Required |
|---|---|---|---|
| Name | The name of the Public Key. | | Yes |
| Description | The description of the Public Key. | | No |
| Key | The Public Key content. | Must be in SSH authorized keys format. | Yes |
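A pre-flight check for the Key field, as an added example that is not part of USP or its documentation: it confirms a pasted value is a single authorized-keys-style line, rejects private keys and PEM blocks, and returns the SHA256 fingerprint. The function names and the sample key (built from placeholder bytes) are assumptions, and lines that carry a leading options field are rejected rather than parsed.

```python
import base64
import binascii
import hashlib
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def check_public_key(text):
    """Validate one authorized_keys-style line; return (type, fingerprint, comment)."""
    if "PRIVATE KEY" in text:
        raise ValueError("this is a private key; it does not belong in a Public Key field")
    lines = [l for l in text.splitlines() if l.strip()]
    if len(lines) != 1 or lines[0].startswith("-----"):
        raise ValueError("expected a single line, not a PEM or RFC 4716 block")
    fields = lines[0].split(None, 2)
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        raise ValueError("line must start with a known key type")
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except binascii.Error as exc:
        raise ValueError("key field is not valid base64") from exc
    # The decoded blob begins with a length-prefixed copy of the key type.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type inside the blob does not match the declared type")
    # Same construction OpenSSH uses: SHA-256 over the blob, base64 without padding.
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    comment = fields[2].strip() if len(fields) == 3 else ""
    return fields[0], fingerprint, comment

def constructed_sample():
    """Constructed sample: a well-formed ed25519 line from 32 placeholder bytes."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(range(32))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " usp-client@example"

if __name__ == "__main__":
    print(check_public_key(constructed_sample()))
```

The returned fingerprint has the same SHA256 form that `ssh-keygen -lf <file>` prints, so it can be compared out of band with the key's owner before the key is saved.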
Editing a Public Key
To edit a Public Key, follow these steps:
- From the Sidebar, click Authentication > Keys.
- Click Public Key.
- Click the Name of the Public Key you want to edit.
- Click the Edit button above the Public Key details.
- Edit the details of the Public Key using the Field Descriptions table as a guide.
- Click Save.
If you modify a Public Key that is currently in use by a USP Server instance, the changes will not take effect until you manually apply the updated configuration by pushing it to the server. To apply the changes:
- Navigate to Monitoring > Status.
- Click the Name of the associated USP Server instance.
- Go to the Configuration tab.
- Review the pending changes in the Updated Configuration column.
- If the changes are correct, click Push Configuration.
Public Key Metadata
Public Key details include all parameters given in the Field Descriptions table above, plus the following read-only metadata:
| Name | Description |
|---|---|
| ID | Universally Unique Identifier of this Public Key. |
| Enabled | A Boolean value indicating the status of the Public Key. The only possible value is true. |
| Created At | Date and time this Public Key was created. |
| Updated At | Date and time this Public Key was last updated. |
Deleting a Public Key
To delete a Public Key, follow these steps:
- From the Sidebar, click Authentication > Keys.
- Click Public Key.
- Click the Name of the Public Key you want to delete.
- Click the Delete button above the Public Key details.
- You will be asked to confirm the deletion. Click Delete.
USP Manager prevents deletion of a Public Key if it is currently referenced by a Configuration Item.
Additionally, if the Public Key is used by a USP Server instance, the updated configuration must be manually applied. To apply the changes:
- Navigate to Monitoring > Status.
- Click the Name of the associated USP Server instance.
- Go to the Configuration tab.
- Review the pending changes in the Candidate Configuration - Preview section.
- If the changes are correct, click Push Configuration.
The changes do not take effect on the server until this step is completed.