AnswerIf you would like to use Certificate authentication for Linux checks in GFI LanGuard, you can proceed as follows to create a Linux authentication certificate.
- On the Linux machine, run the command ssh-keygen t rsa
- When prompted, enter the filename for the new key pair to be generated (the rest of the article will assume that the filename is [Filename])
- When prompted for a passphrase, ensure that no passphrase is entered. It is important that this is left empty since currently GFI LanGuard do not support passphrased certificates
- At this point 2 files will be generated: [Filename] and [Filename].pub
- Add the content of [Filename].pub to the authorized_keys file located in the user s <home>/.ssh/ folder. If the file authorized_keys does not exist in the user s <home>/.ssh/ directory, you will need to create the file manually
- Copy the file [Filename] to the GFI LanGuard machine. This is the file to be used with theGFI LanGuard SSH module. The [Filename] file is the private key and must be protected
- For each Linux machine you want GFI LanGuard to scan using Certificate authentication, you need to do the following:
- Copy the file [Filename].pub to the each Linux machine.
- Repeat step five above.
You can find more information on authentication certificates at: