6.0.6 LTS and lower
No, SG doesn't support management of SSH keys. The current "Manage SSH Key" option affects only the service account: it deploys a new SSH key to the service account.
6.6 FR and higher
SSH authorized key management provides a centralized database of SSH keys, key rotation, and identification of unauthorized keys to better maintain company security policy. Existing SSH keys can be uploaded and entrusted to Safeguard for Privileged Passwords. Each managed account can have a single SSH identity key. An SSH key can be requested and configured for A2A (account-level scoping) and used for sessions.
Asset Administrators can:
- Discover the SSH keys that authorize access to specified privileged accounts to determine if access is properly authorized.
- Store and protect legitimate SSH key pairs in the vault and have the public key automatically added to a target privileged account. This then enables a Security Policy Administrator to grant access using an SSH key via Safeguard for Privileged Passwords access policy.
- Change or rotate SSH keys based on a profile schedule or access request policy, similar to the password management features of Safeguard for Privileged Passwords.
Security Policy Administrators can:
- Allow users to request to check out an SSH key to log in to an asset via SSH key authentication.
- Allow users to request a recorded SSH session to an asset using SSH key authentication instead of a password.
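
The idea behind discovering authorized keys and identifying unauthorized ones can be illustrated outside the product. The following is an added example, not Safeguard code and not its API: it parses an `authorized_keys` file, computes each key's SHA256 fingerprint, and compares it to a set of approved fingerprints. The function names, the sample file and the approved set are all constructed for illustration.

```python
import base64, binascii, hashlib, struct

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the format printed by `ssh-keygen -l`."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def parse_line(line: str):
    """Return (keytype, blob, comment), or None if no valid key is found.
    Options may hold quoted spaces, so match on the type name embedded in the blob."""
    tokens = line.split()
    for i in range(len(tokens) - 1):
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
        except (binascii.Error, ValueError):
            continue
        if len(blob) >= 4:
            (n,) = struct.unpack(">I", blob[:4])  # length of the key type string
            if blob[4:4 + n] == tokens[i].encode():
                return tokens[i], blob, " ".join(tokens[i + 2:])
    return None

def audit(authorized_keys: str, approved: set):
    """Return (lineno, status, fingerprint, comment) for each key entry."""
    findings = []
    for lineno, line in enumerate(authorized_keys.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parsed = parse_line(line)
        fp = fingerprint(parsed[1]) if parsed else None
        status = "malformed" if not parsed else "approved" if fp in approved else "unauthorized"
        findings.append((lineno, status, fp, parsed[2] if parsed else ""))
    return findings

def sample_key(fill: int) -> str:
    """Constructed ed25519-shaped public key entry (not a real key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([fill]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

SAMPLE = "\n".join([  # constructed authorized_keys content
    sample_key(1) + " svc-backup@vault",
    'command="/usr/bin/backup run",no-pty ' + sample_key(2) + " old-laptop",
    "ssh-ed25519 not-base64!! broken",
])
APPROVED = {fingerprint(base64.b64decode(sample_key(1).split()[1]))}

if __name__ == "__main__":
    print(*audit(SAMPLE, APPROVED), sep="\n")
```

Comparing fingerprints rather than comments matters because the comment field is free text that anyone with write access to the file can set.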