If a Safeguard for Privileged Passwords asset requires an SSH host key and does not have one, Safeguard for Privileged Passwords will not be able to communicate with the asset. For more information, see Certificate issue.
To resolve missing SSH host keys
To verify that an asset has an SSH host key, select the asset and look under Connection on the General view. If there is no SSH Host Key Fingerprint displayed, you need to add one.
Choose any authentication type (except None) and enter required information.
|NOTE: You must enter the service account password again.|
Click Test Connection.
Test Connection verifies that the appliance can communicate with the asset.
Confirm that you accept the SSH host key.
Note: To bypass the SSH host key verification and automatically accept the key, click the Auto Accept SSH Host Key option.
To resolve incorrect SSH host keys
To correct a mismatched SSH host key, run Test Connection.
If you receive an error message that says, "There is no cipher supported by both: client and server", refer to Cipher support.
A service account needs sufficient permissions to edit the passwords of other accounts. For more information, see About service accounts.
To resolve incorrect or insufficient service account privileges
If the asset is running a Windows operating system, a local account password check, change, or set can fail when you are using an asset that is configured with a service account with Administrative privileges, other than the built-in Administrator.
Before Safeguard for Privileged Passwords can change local account passwords on Windows systems, using a service account that is a non-built-in administrator, you must change the local security policy to disable the "Run all administrators in Admin Approval Mode" option. For more information, see Change password fails.
If you are unable to connect to a remote machine either through SSH or RDP, log into the Safeguard for Privileged Passwords desktop client as an Appliance Administrator and check the Activity Center and logs for additional information.
If you are using the embedded sessions module, you may also check: