PSM for SSH Administration

PSM for SSH Service (psmpsrv)

PSM for SSH is installed as an automatic system service called psmpsrv. The psmpsrv service enables you to manage PSM for SSH and AD Bridge servers, either separately or together, using one of the following commands:

To manage only the PSM for SSH server, run the following command:

  • RHEL7, SUSE11, SUSE12

     
    service psmpsrv {start|stop|restart|status} psmp
  • RHEL8

     
    systemctl {start|stop|restart|status} psmpsrv-psmpserver

To manage only the PSM for SSH AD Bridge server, run the following command:

  • RHEL7, SUSE11, SUSE12

     
    service psmpsrv {start|stop|restart|status} psmpadb
  • RHEL8

     
    systemctl {start|stop|restart|status} psmpsrv-psmpadbserver

To manage both the PSM for SSH and the PSM for SSH AD Bridge server together, do not specify a server in the command, as shown below:

  • RHEL7, SUSE11, SUSE12

     
    service psmpsrv {start|stop|restart|status}
  • RHEL8

     
    systemctl {start|stop|restart|status} psmpsrv
     

    To check the status, use the following syntax:

    systemctl status psmpsrv-*

SSH proxy machine

Administrative users can connect to the PSM for SSH machine to perform management tasks on the machine itself without being forwarded to a target machine using the following command:

 
<ssh client> <administrative user>@<proxyaddress>
 

These users have high privileges on the PSM for SSH machine. Therefore, they should be given access according to least privilege principles and protected by storing and managing their credentials in the Vault and accessing their credentials through another PSM for SSH machine.