Secure Mobile Access 100 10.2 Administration Guide

Introduction
Using Virtual Office
- Virtual Office Configuration
  - Virtual Office
    Virtual Office Overview
    Using the Virtual Office
  - SMA Connect Agent
    Supported Operating Systems
    Downloading and Installation
    Setting up the SMA Connect Agent
    Proxy Configuration
    Logs
    Browser Warning
    End Point Control (EPC)
    PDA (Personal Device Authorization)
    SonicWall Application
SonicWall Support
- About This Document

HTML5 SSH Key File Authentication Support

Previously, user names and passwords were the only authentication methods supported by HTML SSH. However, more and more SSH servers are being used as key file authentication sites, especially within the cloud environment. SonicWall has now added support for that Key File authentication method.

HTML5 SSH bookmarks support identity file authentication
HTML5 SSH features can save the identity file and user information in a browser's local storage
HTML5 SSH features can use the saved information to log in to an SSH server automatically

Supported Platforms

Windows
LINUX
MAC
Android
iOS

SSH Authentication Option

A new option is introduced for HTML5 SSH bookmarks: SSHv2 Authentication Type.

There are two authentication types: Username + Password and Key File Authentication.

The Username + Password method is the default selection.

When devices are upgraded to 10.2.1, the authentication type is Username + Password as the default selection, but administrators can also select Key File Authentication to use identity file to login the SSH server.

When SSH key-based authentication is not configured on the server and key-based authentication is selected on the appliance, then it reverts back to username-password-based authentication.

Identity File Authentication

Administrators log in to an SSH server with the Key File Authentication type:

When no identity file information is saved, a pop-up dialog box appears indicating a username, identity file, and passcode (if the identity file is protected by Passcode) are necessary to continue.
After filling in the user and identity file information to login with identity file is required.
After successfully logging in, if there is no record of the identity file for the user's bookmark, a confirmation dialog box appears for the user to confirm whether or not to save or not save that identity information in their browser's local storage for the next login.
The passcode of the identity file will not be saved, even the user selects to save their identity file information in their browser's local storage. and the system always asks for the Passcode of the identity file (if the identity file is protected by passcode).

Error Handling

Authentication error handling methods and the associated UI messages have been updated:

Authentication Type is Username+Password
- Update input password message to: Input <username>@<hostname>'s password
- If the SSH server authentication method only supports a public key, update the error message to:
  Need public key authenticate method. Please change the SSH Authentication Type to Key File Authentication in bookmark setting.
Authentication Type is Key File Authentication:
The username or identity file is incorrect.

If SSH server supports the username+password method, a pop-up message appears showing the Input Password dialog and for the user to try using the username and password login.

Configuring SSH Resources in SMA

SSH resources can be configured either from the user interface or through an API. In the user interface, the SSH resource can be configured in the Global, Group, or User Level. The SSH resource can also be configured though an API.

To configure an SSH resource from the user interface

Login as Administrator from the SMA login screen.
Navigate to Users > Local Users or Users > Local Groups.
Edit a Local User or a Local Group.
From the Edit Local User page, click the Bookmarks tab.
Create an SSH Bookmark using an SSH server IP and set the SSHv2 Authentication Type option to Key File Authentication.

To configure an SSH resource from an API

Generate a Login ID using https://<<appliance IP>>/__api__/v1/logon GET request.
Authenticate the appliance using https://<<appliance IP>>/__api__/v1/logon/<<Logon ID>>/authenticate POST.
Create an SSH Bookmark using the sshAuthType parameter as the keyfileauth using the API https://<<appliance IP>>/__api__/v1/management/bookmarks POST.

Accessing the SSH Resources

To access the SSH resource from the user interface

Login as Administrator from the SMA login screen.
Access the SSH Bookmark.
Set the Username as the server username, set the Private Key as the Private Key of the server and the Passcode as the passphrase that was set during the creation of the RSA key pair.

< Prev Section

Next Section >