22.1.1. Procedure – Configuring public-key authentication using local keys


To store the public keys of the users and the private-public keypair used in the server-side connection locally on PSM, complete the following steps:


  1. Navigate to Policies > Local User Databases and create a Local User Database. Add the users and their public keys to the database. PSM will authenticate the clients to this database. For details on creating and maintaining local user databases, see Procedure 7.13, Creating a Local User Database.

  2. Navigate to Policies > Credential Stores and create a Local Credential Store. Add hostnames and the users to the database. PSM will use these credentials to authenticate on the target server. For details on creating local credential stores, see Procedure 18.4.1, Configuring local Credential Stores.

  3. Navigate to SSH Control > Authentication Policies and create a new Authentication Policy.

  4. Select Client-side gateway authentication backend > Local > Public key, clear all other options.

  5. Select the appropriate usergroup from the Local User Database field. PSM will authenticate the users to this local database.

  6. Select Relayed authentication methods > Public key > Fix, clear all other options.

  7. Click > Generate. This will generate a private key that is needed only for the configuration, it will not be used in any connection.


    The Connection Policy will ignore the settings for server-side authentication (set under Relayed authentication methods) if a Credential Store is used in the Connection Policy.

  8. Click .

  9. Navigate to SSH Control > Connections and create a new Connection.

  10. Enter the IP addresses of the clients and the servers into the From and To fields.

  11. Select the authentication policy created in Step 1 in the Authentication Policy field.

  12. Configure the other options of the connection as necessary.

  13. Click .

  14. To test the above settings, initiate a connection from the client machine to the server.