How to deploy AutoSFTP and AutoSSH
AutoSFTP and AutoSSH provide secure automation of sftp/ssh processes, so it is important to understand how to deploy them properly in order to maintain good security.
When you decide to buy our AutoSFTP, AutoSSH or WZSysGuard, please let us know who in your data security department will be responsible for receiving the secret 32-character KeyID (sometimes we also call it the 32-character Hex Key) for the license you buy. The data security department must keep this KeyID secure to maintain the security of these security-related software functions. It must not be revealed to anybody who could get unsupervised root account access on the machine. This ensures that, even with root access, a person who does not know the security administration password for the product still cannot steal the secret password/passphrase used for the AutoSFTP/AutoSSH auto sign-on function, or change file records in the registry files of WZSysGuard without being detected.
So when you order our AutoSFTP or AutoSSH products, please let us know the name of the security officer, his/her mailing address in the company, his/her company email address and your security department's fax number.
When we receive the order payment, we will send a letter or fax to the security officer containing a one-time password. When the officer gets the letter or fax, he/she should make sure the password has not been seen by anyone other than the security department's personnel, and send us an email to confirm that. We will then send the officer an email with the encrypted KeyID for the product license. Once the security officer gets it, it can be decrypted using the password received earlier. The decrypted KeyID has to be kept safe.
This KeyID is only needed in 2 situations:
1. During initial setup of the product security administration password.
2. Some time later, if you need to regenerate the certificate for the SSH/SFTP programs, find you have forgotten the security administration password that is needed, and want to reset it.
So, after the system administrator has helped to install the software, set up the product security administration password first:
# /usr/local/bin/wzappkey -p asftp    # this is for the AutoSFTP product
# /usr/local/bin/wzappkey -p assh     # this is for the AutoSSH product
As this is the initial setup, the command will ask for the 32-character KeyID to make sure that only the person who knows this KeyID is able to set the administration password.
Then try to confirm that the OpenSSH software currently installed on the machine is clean (meaning all executables are original, not Trojan Horses). If that is difficult to confirm, it is better to remove the package, then download and install a fresh one. After that, generate and save the certificates for the SFTP and/or SSH programs:
# /usr/local/bin/asftpcreg    # this is for AutoSFTP
# /usr/local/bin/asshcreg     # this is for AutoSSH
These certificates are used for Trojan Horse detection, and they need to be updated whenever the OpenSSH software on the machine is updated.
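The "confirm it is clean, record its state, re-check later" sequence above can be shown in generic form. The following is an added example, not AutoSFTP/AutoSSH code and not a description of how asftpcreg or asshcreg work internally: it records a SHA-256 hash, mode and owner for each binary and later reports any difference. It assumes GNU coreutils (sha256sum, stat -c); the function names and the paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: generic integrity baseline for OpenSSH client binaries.
# Not vendor code; function names are hypothetical. Assumes GNU coreutils.

# record_baseline FILE...
# Prints one line per file: "<sha256> <octal mode> <owner> <path>".
record_baseline() {
    for f in "$@"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
        printf '%s %s %s %s\n' \
            "$(sha256sum "$f" | cut -d' ' -f1)" \
            "$(stat -c '%a' "$f")" "$(stat -c '%U' "$f")" "$f"
    done
}

# verify_baseline BASELINE_FILE
# Compares the current files against a saved baseline.
# Prints one finding per line; returns 0 if clean, 1 if anything differs.
verify_baseline() {
    rc=0
    while read -r want_hash want_mode want_owner path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        have_hash=$(sha256sum "$path" | cut -d' ' -f1)
        have_mode=$(stat -c '%a' "$path")
        have_owner=$(stat -c '%U' "$path")
        [ "$have_hash" = "$want_hash" ] || { echo "CONTENT_CHANGED $path"; rc=1; }
        [ "$have_mode" = "$want_mode" ] || { echo "MODE_CHANGED $path $want_mode->$have_mode"; rc=1; }
        [ "$have_owner" = "$want_owner" ] || { echo "OWNER_CHANGED $path $want_owner->$have_owner"; rc=1; }
    done < "$1"
    return $rc
}

# Typical use (paths are assumptions; adjust to your system):
#   record_baseline /usr/bin/ssh /usr/bin/sftp > /mnt/readonly/openssh.baseline
#   verify_baseline /mnt/readonly/openssh.baseline || echo "investigate before use"
```

A baseline is only as trustworthy as the moment it was taken and the place it is stored: take it right after a fresh install, keep it where a root user on the same machine cannot rewrite it, and regenerate it after every OpenSSH update.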