On the Connection tab, you can configure SPP to authenticate to a managed system using an SSH authentication key. To rotate SSH keys, you must select the Manage SSH Key option in the asset's profile change schedule. For more information, see Adding SSH key change settings..

NOTE: This option is not available for all operating systems. But if a SPP asset requires an SSH host key and does not have one, Check SSH Key, Change SSH Key, and Test Connection will fail. For more information, see Connectivity failures..

The information that displays depends on whether you choose to automatically generate the SSH key or import and manually deploy the SSH key.

Table 235: SSH Key authentication type properties
Property Description

Change the Previous SSH Settings (available on a change)

Select this check box to install the new SSH key.

If you change the Authentication Type from a Password or None to SSH Key, select the Change the Previous SSH Settings check box to ensure the SSH key is installed. Verify the key is installed before clicking Test Connection.

Automatically Generate the SSH Key

Select this option to generate the SSH authentication key.

Manually Deploy the SSH Key

When you select Automatically Generate the SSH Key, you can select this option so that you can manually append this public key to the authorized keys file on the managed system for the service account. For more information, see Downloading a public SSH key..

The SSH authentication key becomes available after SPP creates the asset. If you do not select this option, SPP automatically installs the SSH authentication key. If you do select this option, SPP creates the key and associates it with the SPP asset you are creating, but it does not install it on the managed system for you.

Import and Manually Deploy the SSH Key

Select this option, then Browse to import an SSH authentication key and enter the Password.

NOTE:SPP does not currently manage the options for an authorized key. If an imported key has any options configured in the authorized keys file on the asset, these options will not be preserved when the key is rotated by SPP.

Key Comment

(Optional) Enter a description of this SSH key. Maximum length of 225 characters.

Service Account Name

Enter the service account name that SPP is to use for management tasks. This is the account SPP uses to install the SSH authentication key on the asset. For more information, see About service accounts..

Service Account SSH Key

If not importing the SSH authentication key, then you must enter the service account SSH Key SPP needs to authenticate to this managed system.

Limit: 255 characters

Privilege Elevation Command

If required, enter a privilege elevation command (such as sudo). This is used as a prefix for commands that require privileged access on the system and to manage accounts on Unix-based systems; that is, to check and change SSH keys and to discover accounts.

Sudo commands follow.

  • AuthorizedKeyCommand
Specify a program to look up the user's public keys
  • cat
  • chmod
  • chown
  • cp
  • echo
  • egrep
  • find
  • grep
  • host
  • ls
  • mkdir
  • mv
  • rm
  • sed
  • sshd
  • ssh-keygen
  • tee
  • test
  • touch
  • usermod

When adding an asset, this command is used to perform Test Connection. For more information, see About Test Connection..

The privilege elevation command must run non-interactively, that is, without prompting for a password. For more information, see Preparing Unix-based systems.

The limit is 255 characters.

Auto Accept SSH Host Key

Select this option to have SPP automatically accept the SSH host key when it creates the SPP asset.

When this option is selected, SPP displays the thumbprint of the SSH host key that was discovered. When a managed system requiring an SSH host key does not have one, Check SSH Key will fail. For more information, see Connectivity failures..

Test Connection

Click this button to verify that SPP can log in to this asset using the service account credentials you have provided. For more information, see About Test Connection..

As noted earlier: If you change the Authentication Type from a Password or None to SSH Key, select the Change the Previous SSH Settings check box to ensure the SSH key is installed. Verify the key is installed before clicking Test Connection.

Service Account Password Profile

  Click Edit to add the profile or Remove to delete the assigned profile. Available profiles are based on the partition selected on the General tab (asset discovery). To update the profile later, go to the service account and update the profile. For more information, see Properties (account)..

Service Account SSH Key Profile

 Click Edit to add the profile or Remove to delete the assigned profile. Available profiles are based on the partition selected on the General tab (asset discovery). To update the profile later, go to the service account and update the profile. For more information, see Properties (account)..
Port

Enter the port number used by SSH to log in to the managed system.

Required

Connection Timeout

Enter the command timeout period. This option applies only to platforms that use telnet or SSH.

Default: 20 seconds

(Custom platform operation

e.g Check System Properties)

If there is a custom parameter in the custom platform script, enter the custom parameter here. The list of system parameters are here: Writing a custom platform script. Any parameter not in the list is a custom parameter.