Managing SSH keys using the CLI

You can use the command-line interface (CLI) to work with Secure Shell (SSH) keys.

The system supports up to 32 interactive SSH sessions on the management IP address simultaneously.

Note: After one hour, a fixed SSH interactive session times out, which means the SSH session is automatically closed. This session timeout limit is not configurable.

To work with SSH keys, complete these steps:

Issue the lsuser CLI command to list the SSH keys that are available on the system.
Issue the mkuser or chuser CLI command to install a new SSH key on the system. The key file must first be copied onto the system. Each key is associated with an ID string that you define that can consist of up to 30 characters. Up to 100 keys can be stored on a system. You can add keys to provide administrator access (service access is superuser only) by using either the PuTTY interface or the CLI commands. For example:
- Using the PuTTY interface, enter the following command to add keys:
```
ssh-keygen -t rsa mkuser -name jane -usergrp Service -keyfile /tmp/OU812.pub
```
- Using the CLI, enter the following command to add keys:
```
chuser -remote no -usergrp Monitor -keyfile /tmp/OU812.pub
```
When you run the command, the SSH key is copied into system state and activated for the user, and the input file is deleted.
Remember: Place the SSH key file in the /tmp directory before running this command. The ssh-keygen command must be run on a Linux host. The key can then be copied to the system. For example run the following command on a Linux host to generate a key file:
```
ssh-keygen -t rsa mkuser -name jane -usergrp Service -keyfile /tmp/OU812.pub
```
You can then use secure copy to copy the file to the system:
```
scp /tmp/OU812.pub user_name@system_ip:/tmp
```
Then run the following command:
```
svctask chuser -keyfile /tmp/OU812.pub user_id_or_name
```
You can issue the chuser or chcurrentuser CLI command to remove an SSH key from the system.