Private SSH Key

This topic describes how to create a private SSH Key plugin, to enable CPM to manage private SSH Keys.

Support

Target devices

The CPM supports remote private key update on the following target devices:

  • RHEL 7.1, 8.x*, 9.x*

  • Ubuntu 18.04, 22.04*

  • Debian 11.6*
  • Fedora 38*
  • IBM AIX 7.1, 7.3
  • Solaris Intel 11.2, 11.3
  • Solaris SPARC 11.2, 11.3
  • SUSE Linux 12
  • OpenSUSE 15.4
  • CentOS 7
  • Oracle Enterprise Linux 6, 7

*The target device version is only supported when the SSH library is configured to work with the Rebex library. For more information, see Configure FIPS-compliant mode.

Windows Server 2012, 2016, 2019, 2022

Platforms

In the PVWA Platform Management page, make sure that the following service account platform is displayed:

  • Private SSH Key

The Private SSH Keys service account is supported on the following target account platforms:

  • Unix via SSH Keys

Connection Methods

This plugin supports the following connection methods to the remote machine:

  • SSH

  • SFTP

  • Windows File Sharing

Logon Account

Action

Change
Supported ü
Required ü
Platform

For Unix devices:

  • Unix via SSH

For Windows devices:

  • Windows Local Account
  • Windows Domain Account
Permissions Edit and create files on target folder.

 

Configuration

Prerequisites

This plugin requires .NET Framework 4.8. If you are using an older version of the CPM, .NET Framework 4.8 must be installed on the CPM machine as well.

Import platform

This procedure is relevant if the platform is not included in installation.

  1. Add the following file categories, if they do not already exist:

    FilePath

    Type Text
    Valid value 
    Required No

    ConnectionType

    Type List
    Valid valueSSH, Windows File Sharing
    Required No
    Backup Private SSH Key 
    Type List
    Valid valueYes, No
    Required No
    Usage Display Name 
    Type Text
    Valid value 
    Required No

  2. Import the platform.

Platform Parameters

Port

Description

The port used to connect to the remote machine for SSH connections.

Note: The port is only relevant for Unix devices.
Acceptable Values 0-65535
Default Value 22

Backup Private SSH Key
Description Indication whether to create backup file of the private ssh key before updating it.
Acceptable Value Yes, No
Default Value No

Account Parameters

Required

Address

Description IP or hostname of the target machine.
Acceptable Value String
Default Value -

File Path
Description

For Unix devices:

  • Full file path on the target machine.
 

If the key is called SSHKey and is located under the Keys directory under the home directory of the user cyberark the path will be:

/home/cyberark/Keys/SSHKey

For Windows devices:

  • The file path on the shared folder.
 

If the key is called SSHKey.prv and is located on the shared folder c:\cyberark on the target machine who’s shared name is "cyberark" the path will be:

cyberark\SSHKey.prv

Acceptable Value String
Default Value -
Connection Type  
Description

The type of connection to the target device.

For Unix devices:

  • SSH

For Windows devices:

  • Windows File Sharing
Acceptable Value SSH, Windows File Sharing
Default Value  

Optional

Port

Description

The port used to connect to the remote machine for SSH connections.

Note: The port is only relevant for Unix devices.
Acceptable Values 0-65535
Default Value Port defined in the platform.

Backup Private SSH Key
Description Indication whether to create backup file of the private ssh key before updating it.
Acceptable Value Yes, No
Default Value Backup Private SSH Key defined in the platform.