Chat now with support
Chat with Support

Safeguard for Privileged Passwords On Demand Hosted - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Activity Center Search box Privileged access requests Toolbox Accounts Account Groups Assets
General/Properties tab (asset) Accounts tab (asset) Account Dependencies tab (asset) Owners tab (asset) Access Request Policies tab (asset) Asset Groups tab (asset) Discovered SSH Keys (asset) Discovered Services tab (asset) History tab (asset) Managing assets
Asset Groups Discovery Entitlements Linked Accounts Partitions Profiles Settings
Access Request settings Appliance settings Asset Management settings Tags Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Password Management settings Real-Time Reports Safeguard Access settings SSH Key Management settings Security Policy Settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions About us

Incorrect authentication credentials

You must have the correct user name and password or SSH key to authenticate to an asset.

To resolve incorrect service account credentials

  1. Verify the service account credentials match the credentials in Safeguard for Privileged Passwords asset information (Administrative Tools | Assets | General Tab, Connection). For more information, see About service accounts.
  2. Perform Test Connection to verify connection. For more information, see About Test Connection.
  3. Attempt to check, change, and set password or SSH keys again. See:

Missing or incorrect SSH host key

If a Safeguard for Privileged Passwords asset requires an SSH host key and does not have one, Safeguard for Privileged Passwords will not be able to communicate with the asset. For more information, see Certificate issue.

To resolve missing SSH host keys

To verify that an asset has an SSH host key, select the asset and look under Connection on the General view. If there is no SSH Host Key Fingerprint displayed, you need to add one.

To add an SSH host key

  1. Open the asset's Connection tab.
  2. Choose any authentication type (except None) and enter required information.

    NOTE: You must enter the service account password or SSH key again.

  3. Click Test Connection.

    Test Connection verifies that the appliance can communicate with the asset.

  4. Confirm that you accept the SSH host key.

    NOTE: To bypass the SSH host key verification and automatically accept the key, click the Auto Accept SSH Host Key option.

  5. Click OK to save asset.

To resolve incorrect SSH host keys

Safeguard for Privileged Passwordsuses the following host key algorithms for key exchange:

  • DSA
  • ECDSA
  • RSA

Investigate the cause of the mismatch and then use Test Connection to resolve the mismatch.

No cipher supported error

If you receive an error message that says: There is no cipher supported by both: client and server, refer to Cipher support.

Service account has insufficient privileges

If you are having service account issues, consider the following:

  • Is the service account properly authorized to access the system? In a common setup, sudo is used to elevate the service account's privileges on the system.
  • Has the service account been locked out or disabled?
  • Is the service account configured to allow remote logon?

A service account needs sufficient permissions to edit the passwords of other accounts. For more information, see About service accounts.

To resolve incorrect or insufficient service account privileges

  1. Verify that the service account has sufficient permissions on the asset.
  2. Perform Test Connection to verify connection.
  3. Attempt to manually check, change, and set password or SSH key again on the account that failed.

If the asset is running a Windows operating system, a local account password or SSH key check, change, or set can fail when you are using an asset that is configured with a service account with Administrative privileges, other than the built-in Administrator.

Before Safeguard for Privileged Passwords can change local account passwords or SSH keys on Windows systems, using a service account that is a non-built-in administrator, you must change the local security policy to disable the Run all administrators in Admin Approval Mode option. For more information, see Change password or SSH key fails.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating