Setting Server Password

On Unix, the ssh-ca-repair script can also be used to set, change, or clear the server password. This password protects all the server private keys, which are used for:

  • Server-to-Engine communication
  • TLS-protected Administration or Web Enrollment Services
  • OCSP responder
  • TLS-client-authenticated LDAP publishing

These keys are stored in the server var/pki directory.

The following commands set, change, and clear the password:

ssh-ca-repair -serverpass-set

ssh-ca-repair -serverpass-change

ssh-ca-repair -serverpass-clear

When the server password is set, the server will not try to start automatically at system boot. The ssh-ca-start script must be run manually after reboots instead, and it will prompt for the server password.

On Windows, the server private key can be protected by using the ssh_keytool command. See Appendix Protecting Private Keys with Passwords.
