The Asset Administrator can manually check, change, or set an SSH key.

To manually check, change, or set an SSH key

  1. Navigate to Asset Management > Accounts.

  2. In Accounts, select an account from the object list.

  3. Click View Details from the toolbar.

  4. Navigate to Properties > Secrets.

  5. The SSH Key tile available on this page provides the following options:

  6. Select one of these option.

    • Set to set the SSH key in the SPP database. The Set option does not change the account SSH key on the asset. The Set option provides the following options.

      • Generate an SSH Key: Generate a new SSH key and assign it to the account. The SSH key complies with the SSH key rule that is set in the account's profile.

        CAUTION: Do not generate a new SSH key for a service account because the connection to the asset will be lost. Instead, use the Change option for SSH Keys.

        After you select Generate, the key is generated and saved in the SPP database. The following fields display.

        • Account: The account name

        • Fingerprint: The fingerprint of the SSH key used for authentication

        • Key Comment: Information about the SSH key

        • Type: The SSH authentication key type, such as RSA or DSA. For more information, see SSH Key Profiles..

        • Length: The length of the SSH authentication key. For more information, see SSH Key Profiles..

        • Public Key: The generated key; click Copy to put it into your copy buffer. You can then log in to your device, using the old SSH key, and change it to the SSH key in your copy buffer.

      • Import an SSH Key: Import a private key file for an SSH key that has been generated outside of SPP and assign it to the account. Click Browse to import the key file, enter a Password, then click OK.

        When importing an SSH key that has already been manually configured for an account on an asset, it is recommended that you first verify that the key has been correctly configured before importing the key. For example, you can run an SSH client program to check that the private key can be used to login to the asset: ssh -i <privatekeyfile> -l <accountname> <assetIp>. Refer to the OpenSSH server documentation for the target platform for more details on how to configure an authorized key.

        NOTE:SPP does not currently manage the options for an authorized key. If an imported key has any options configured in the authorized keys file on the asset, these options will not be preserved when the key is rotated by SPP.

      • Deploy SSH Key: If not already configured, install the account's current SSH key on the asset in the correct file for the account.

    • Check to verify the account SSH key is in sync with the SPP database. If the SSH key verification fails, you can change it.

    • Change to reset and synchronize the SSH key with the SPP database. For service accounts, use this selection and do not use Generate SSH Key to change the SSH key.