Documentation

One public/private key pair per client

As an additional security measure, it is possible to enable the option to use one key pair per client. In this case, each client can have its own key pair. Those clients who do not have their own key pair will use the global key pair (which was sent or created during the account creation).

To enable this option, go to the Account/Key Management page and activate the "Allow public/private key pair per client" option.

When you enable this option all your clients will continue to use the global key pair until they are given their own key pair. Only those clients who have their own key pairs will use them, while clients without their own key pairs will use the global key. If you delete a client's key, it will start using the global key from that moment on. Be careful when manipulating keys, as deleting a client's key may block it.

There are several ways to send a client's public key:

Through our dashboard:

  • After enabling the "Allow public/private key pair per client" option, a new tab called "Public keys" will appear in the client list. If you have pre-defined key pairs, you can paste the client's public key here or delete a previously sent public key.

Directly from the client:

This method provides greater security since you can create the keys on the client, and the private key never leaves the client.

  • Creating a key pair and sending it using our Python script (note: to create and send keys using our script, you need to have at least version 400 of the script): You need to run our Python script and pass a command parameter for key creation. The key pair will be created in the directory where your script is located, and the public key will be automatically sent to our server.

Example:

$ python3 sshreachme.py createkeypair
Creating key pair...
Key pair written to id_rsa and id_rsa.pub files
Uploading public key...
Public key uploaded
  • If you already have a key pair created, you can send the key using our Python script: Run our Python script and pass a command parameter for key sending (uploadpublickey) along with the file path. Our script will send the public key to our server.

Example:

$ python3 sshreachme.py uploadpublickey id_rsa.pub
Uploading public key...
Public key uploaded
  • Manually sending the public key: If you already have a key pair created, you can manually send the public key using the instructions provided in the comments of our script, using the "curl" program. All the parameters for sending will be prepared in the command; you just need to paste the public key.

Example:

curl -d "user_id=1&db_server_key=aat4tsfsdheg54sIUa42&host_uuid=34vj3h8a-22ab-a02l-s0lc-aa012la02lj7" --data-urlencode "public_key=PUBLIC_KEY" https://sshreachme.com/init/my/upload_public_key.json

pros and cons

Please note that although using client-specific key pairs increases security, all those keys are written into the authorized_keys file on our server, which is a plain text file. Sending a large number of keys (more than a few hundred) may affect the tunnel opening speed, as the system has to go through the entire file and analyze all the keys.