Installing Synchronization Scripts

Lee Painter

We provide a number of packages that install scripts integrating the OpenSSH server's public key authentication with the JADAPTIVE Key Server.

The easiest method to configure an OpenSSH server is to use the AuthorizedKeysCommand and AuthorizedKeysCommandUser configuration settings supported by OpenSSH since version 6.8. Our packages will install the necessary scripts and make the configuration change required to support this method if your server is running OpenSSH 6.8 or greater. 

If you are installing on a server with an earlier version of OpenSSH you will not be able to use the AuthorizedKeysCommand option; however, you can still install the package to take advantage of the manual synchronization scripts. This just requires a little more setup on each account you want to configure for key management. 


The scripts require curl to execute HTTPS requests. You should install this prior to attempting to install these scripts.

On Debian-based systems:

apt-get install curl

On RPM-based systems:

yum install curl

Download & Installation

We have provided shortcut links to the latest packages on your key server. Both packages have a dependency on curl and the OpenSSH server.


Download the package from https://<hostname>/scripts/jadaptive.deb or from our cloud server

Install using:

dpkg -i jadaptive-keyserver-scripts-<version>.deb


Download the package from https://<hostname>/scripts/jadaptive.rpm or from our cloud server

Install using:

rpm -i jadaptive-keyserver-scripts-<version>.noarch.rpm

Testing Curl

Once the scripts are installed you need to configure the key server location. Before you edit the configuration, it is recommended you test the curl command against your key server. If you are not running a valid SSL certificate you may need to adjust the configuration. We recommend at all times that you maintain a valid SSL certificate on your key server.

Execute the following command:

curl https://<keyserver>/ping

This should result in a response like the following:

curl https://ks1/ping

If you receive certificate errors like the one below, you should in the first instance fix the certificate issue on your key server by installing an up-to-date SSL certificate.

curl https://ks1/ping
curl: (60) SSL certificate problem: certificate has expired
More details here:

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

If you need to bypass this, you can check again using the -k switch, which makes curl ignore certificate errors:

curl -k https://ks1/ping

If you need to use the -k switch then make a note to adjust the ALLOW_INSECURE_GATEWAY option in the next section.



You should now edit the /etc/default/jadaptive-keyserver file. 

nano /etc/default/jadaptive-keyserver

Change the GATEWAY_HOST environment variable to point to the hostname of your key server.

If you noted earlier that you need to set ALLOW_INSECURE_GATEWAY, you should change this to y.

# Configuration for jadaptive-keyserver-scripts

# Gateway host
# The default hostname or IP address of the gateway from which to retrieve keys.

# Allow incorrect SSL certificates when connecting to the
# Default: N
# Recommended: N - To avoid MITM. The gateway is your trusted keystore!
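
A preflight check for the two things this page depends on: the OpenSSH version threshold given above for AuthorizedKeysCommand, and the settings in /etc/default/jadaptive-keyserver. This is an added example, not part of the JADAPTIVE package; it assumes the file holds shell-style KEY=value lines, the function names are illustrative, and the sample data is constructed.

```shell
#!/bin/sh
# Added example, not part of the JADAPTIVE package.
# Assumption: /etc/default/jadaptive-keyserver holds shell-style KEY=value lines.

# Return 0 if an "OpenSSH_X.Y..." version string (as printed by `ssh -V`)
# is 6.8 or later, the threshold this page gives for AuthorizedKeysCommand.
ssh_supports_akc() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2    # not an OpenSSH version string
    major=${ver% *}; minor=${ver#* }
    [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -ge 8 ]; }
}

# Print the effective value of KEY ($2) in FILE ($1): the last assignment
# wins, quotes and trailing comments are stripped. Prints nothing if unset.
cfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'" |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//'
}

# Print one finding per line; return 1 if the file has any finding.
audit_defaults() {
    rc=0
    host=$(cfg_get "$1" GATEWAY_HOST)
    insecure=$(cfg_get "$1" ALLOW_INSECURE_GATEWAY)
    if [ -z "$host" ]; then
        echo "FAIL: GATEWAY_HOST is not set"; rc=1
    fi
    case "$insecure" in   # any value starting with y/Y is treated as enabled
        [Yy]*) echo "FAIL: ALLOW_INSECURE_GATEWAY=$insecure (certificate checks off)"; rc=1 ;;
    esac
    # Whoever can edit this file chooses which server supplies login keys.
    if [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL: $1 is group- or world-writable"; rc=1
    fi
    return $rc
}

# Demo on constructed sample data (not taken from a real host).
sample=$(mktemp)
printf '%s\n' 'GATEWAY_HOST=ks1' 'ALLOW_INSECURE_GATEWAY=y' > "$sample"
ssh_supports_akc "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips" && echo "OK: OpenSSH >= 6.8"
audit_defaults "$sample" || echo "=> fix the findings above before relying on key sync"
rm -f "$sample"
```

On a real host, call audit_defaults with /etc/default/jadaptive-keyserver after editing it.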

Finally, you can now test the keyserver scripts.

Execute the following command for an account you want to manage keys for:

keyserver-sync /root root

Then log in to the Key Server Administration CLI and execute 


You should now see this account and host in the remote-accounts listing:

# remote-accounts
Account Hostname
------- --------
root    ks1

You are now ready to start configuring access as described in our article Configuring a Remote Account.