PSM for SSH Administration

This topic describes the administration commands for managing the PSM for SSH server.

PSM for SSH service (psmpsrv)

PSM for SSH is installed as an automatic system service called psmpsrv. The psmpsrv service enables you to manage PSM for SSH and AD Bridge servers, either separately or together, using one of the following commands:

To manage only the PSM for SSH server, run the following command:

  • RHEL7, SUSE11, SUSE12

    service psmpsrv {start|stop|restart|status} psmp

  • RHEL8

    systemctl {start|stop|restart|status} psmpsrv-psmpserver

To manage only the PSM for SSH AD Bridge server, run the following command:

  • RHEL7, SUSE11, SUSE12

    service psmpsrv {start|stop|restart|status} psmpadb

  • RHEL8

    systemctl {start|stop|restart|status} psmpsrv-psmpadbserver

To manage both the PSM for SSH and the PSM for SSH AD Bridge server together, do not specify a server in the command, as shown below:

  • RHEL7, SUSE11, SUSE12

    service psmpsrv {start|stop|restart|status}

  • RHEL8

    systemctl {start|stop|restart|status} psmpsrv

    To check the status, use the following syntax:

    systemctl status psmpsrv-*

RHEL/SUSE commands and RHEL configuration files

Connect to the PSM for SSH machine for maintenance purposes

Maintenance users can connect to the PSM for SSH machine to perform management tasks and maintenance activities on the machine itself. The recommended secure practice for performing such maintenance activities on the PSM for SSH machine is to provision a maintenance user, protected by privileged access best practices. When a maintenance user needs to log in to the PSM for SSH machine, perform the following steps according to your environment architecture.

 

These users have high privileges on the PSM for SSH machine. Therefore, they should be given access according to least privilege principles and protected by storing and managing their credentials in the Vault and accessing their credentials through another PSM for SSH machine.

Create a maintenance user

PSM for SSH identifies the following users as maintenance users when they connect to the PSM for SSH server:

  • proxymng
  • proxymng<number>
  • Additional users that are specified in the PSMP_MaintenanceUsers parameter in the sshd_config configuration file.
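
The three rules above can be turned into a least-privilege review of which accounts would be identified as maintenance users. This is an added example, not part of the product or its documentation. The function names and the sample accounts (opsadmin, breakglass) are constructed, and it assumes the PSMP_MaintenanceUsers value is a list of literal names separated by commas or whitespace.

```shell
# Added example: list accounts PSM for SSH would identify as maintenance users.
# Assumption: PSMP_MaintenanceUsers holds literal names split by commas/whitespace.

# True when the name is proxymng or proxymng<number>.
is_builtin_name() {
    case ${1#proxymng} in
        "$1") return 1 ;;        # does not start with proxymng
        *[!0-9]*) return 1 ;;    # suffix has a non-digit, e.g. proxymngr
        *) return 0 ;;
    esac
}

# Print the names configured in PSMP_MaintenanceUsers ($1 = sshd_config path).
configured_maintenance_users() {
    awk '
        /^[ \t]*#/ { next }                          # commented-out directive
        tolower($1) == "psmp_maintenanceusers" {
            $1 = ""
            n = split($0, names, /[ \t,]+/)
            for (i = 1; i <= n; i++) if (names[i] != "") print names[i]
        }' "$1" | sort -u
}

# Print "account<TAB>reason" for each matching account in passwd-format data ($2).
audit_maintenance_users() {
    configured=$(configured_maintenance_users "$1")
    cut -d: -f1 "$2" | while IFS= read -r account; do
        [ -n "$account" ] || continue
        if is_builtin_name "$account"; then
            printf '%s\tbuilt-in name\n' "$account"
        elif printf '%s\n' "$configured" | grep -Fxq -e "$account"; then
            printf '%s\tPSMP_MaintenanceUsers\n' "$account"
        fi
    done
}

# Constructed sample input, not taken from a real system.
write_sample_files() {
    printf '%s\n' 'Port 22' '#PSMP_MaintenanceUsers olduser' \
        'PSMP_MaintenanceUsers opsadmin, breakglass' > "$1/sshd_config"
    printf '%s\n' 'root:x:0:0::/root:/bin/bash' \
        'proxymng:x:1001:1001::/home/proxymng:/bin/bash' \
        'proxymng2:x:1002:1002::/home/proxymng2:/bin/bash' \
        'proxymngr:x:1003:1003::/home/proxymngr:/bin/bash' \
        'opsadmin:x:1004:1004::/home/opsadmin:/bin/bash' > "$1/passwd"
}
demo_dir=$(mktemp -d) && write_sample_files "$demo_dir"
audit_maintenance_users "$demo_dir/sshd_config" "$demo_dir/passwd"
rm -rf "$demo_dir"
```

On a real server, pass the sshd_config that PSM for SSH uses and a file holding the output of `getent passwd`, then compare the result with the accounts approved for maintenance access.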

The following describes how to create a maintenance user, based on your installed mode.