On the Connection tab, you can configure Safeguard for Privileged Passwords to authenticate to a managed system using an SSH authentication key. To rotate SSH keys, you must select the Manage SSH Key option in the asset's profile change schedule. For more information, see Adding SSH key change settings.
NOTE: This option is not available for all operating systems. But if a Safeguard for Privileged Passwords asset requires an SSH host key and does not have one, Check SSH Key, Change SSH Key, and Test Connection will fail. For more information, see Connectivity failures.
The information that displays depends on whether you choose to automatically generate the SSH key or import and manually deploy the SSH key.
SSH Key Generation and Deployment
Select one of the following options:
(Optional) Enter a description of this SSH key. Maximum length of 225 characters.
Enter the service account name that Safeguard for Privileged Passwords is to use for management tasks. This is the account Safeguard for Privileged Passwords uses to install the SSH authentication key on the asset. For more information, see About service accounts.
|Privilege Elevation Command
If required, enter a privilege elevation command (such as sudo). This is used as a prefix for commands that require privileged access on the system and to manage accounts on Unix-based systems; that is, to check and change SSH keys and to discover accounts.
Sudo commands follow.
Specify a program to look up the user's public keys
When adding an asset, this command is used to perform Test Connection. For more information, see About Test Connection.
The privilege elevation command must run non-interactively, that is, without prompting for a password. For more information, see Preparing Unix-based systems.
The limit is 255 characters.
Auto Accept SSH Host Key
Select this option to have Safeguard for Privileged Passwords automatically accept the SSH host key when it creates the Safeguard for Privileged Passwords asset.
When this option is selected, Safeguard for Privileged Passwords displays the thumbprint of the SSH host key that was discovered. When a managed system requiring an SSH host key does not have one, Check SSH Key will fail. For more information, see Connectivity failures.
Click this button to verify that Safeguard for Privileged Passwords can log in to this asset using the service account credentials you have provided. For more information, see About Test Connection.
Enter the port number used by SSH to log in to the managed system.
Enter how long to wait (in seconds) for both the connect and command timeout.
Default: 20 seconds
(Custom platform operation
e.g Check System Properties)
If there is a custom parameter in the custom platform script, enter the custom parameter here. The list of system parameters are here: Writing a custom platform script. Any parameter not in the list is a custom parameter.