Use SSH Keys
This topic describes the ways in which SSH keys stored in the Vault can be used and how the platform that generates and manages them is configured.
Access remote machines
You can use SSH Keys that are stored in the Vault to access remote machines in the following ways:

| Through | Description |
|---|---|
| PSM for SSH | For details, see Connect through PSM for SSH. |
| PSM | For details, see Connect through Privileged Session Manager for Windows. |
| Application or scripts | For details, see Mitigate risks for SSH Keys used by applications and scripts. |
| PVWA | For details, see Retrieve a private SSH Key. |
The SSH Keys Platform
The PAM - Self-Hosted solution provides an out-of-the-box target platform for managing SSH keys, called Unix Via SSH Keys. To control the key size, the private key format, the key algorithm and so on, you can either modify this platform directly or copy it and customize the copy, which leaves the original platform untouched.
The following procedure describes how to modify the default platform.
- Click ADMINISTRATION to display the System Configuration page, then click Platform Management to display a list of supported target account platforms.
- Select Unix via SSH Keys, then click Edit; the platform settings page for the Unix Via SSH Keys platform appears.
- Select Generate Key; the Generate Key properties are displayed in the Properties pane.
- Specify the following properties:

| Property | Description |
|---|---|
| PrivateKeyFormat | The format of the private SSH key. The default value is OpenSSH. |
| KeySize | The size in bits of the generated key. Possible values are 1024, 2048, 4096 and 8192. The default value is 2048. 1024-bit RSA is below the 2048-bit minimum recommended by current guidance (for example NIST SP 800-57), so do not lower this value below the default. |
| KeyEncryption | The public-key algorithm of the generated key pair. Possible values are RSA and DSA. The default value is RSA. DSA keys are limited to 1024 bits and OpenSSH disables the ssh-dss key type by default since version 7.0, so DSA should only be selected for legacy targets that cannot accept RSA keys. |
| KeyGenerationTimeout | The number of seconds that the CPM will wait for the key generation process to finish. The default value is 90 seconds. |
| PublicSSHKeyPath | The path of the public key file on the target machine. The default value is ~/.ssh/authorized_keys. |
| PopulateKeyIfNotExist | Determines whether or not the public SSH key file is created automatically during a reconcile process if it doesn't exist on the target machine. This is not relevant for SSH keys that were provisioned as a result of a discovery process. |

- Click Apply or OK to save the new parameter values.