Chat now with support
Chat with Support

Safeguard for Privileged Passwords On Demand Hosted - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Activity Center Search box Privileged access requests Toolbox Accounts Account Groups Assets
General/Properties tab (asset) Accounts tab (asset) Account Dependencies tab (asset) Owners tab (asset) Access Request Policies tab (asset) Asset Groups tab (asset) Discovered SSH Keys (asset) Discovered Services tab (asset) History tab (asset) Managing assets
Asset Groups Discovery Entitlements Linked Accounts Partitions Profiles Settings
Access Request settings Appliance settings Asset Management settings Tags Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Password Management settings Real-Time Reports Safeguard Access settings SSH Key Management settings Security Policy Settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions About us

Cipher support

Both the Safeguard for Privileged Passwords client and the SSH server must support the same cipher. If you run Test Connection against an asset that uses SSH and there is no cipher supported by both the client and the server, Safeguard for Privileged Passwords displays an error message that says, Connecting to asset XXXXXXXXXXXXXXXXXX failed (There is no cipher supported by both: client and server). This means that during the setup of the asset connection, the Safeguard for Privileged Passwords client and the SSH server did not have matching ciphers for message encryption. In this case, you must modify the SSH server's configuration by adding at least one cipher supported by Safeguard for Privileged Passwords to the list of ciphers.

Safeguard for Privileged Passwords supports these ciphers:

  • 3des
  • 3des-ctr
  • aes128
  • aes128-ctr
  • aes192
  • aes192-ctr
  • aes256
  • aes256-ctr
  • arcfour
  • arcfour128
  • arcfour256
  • blowfish
  • blowfish-ctr
  • cast128
  • cast128-ctr
  • des
  • idea
  • idea-ctr
  • none
  • serpent128
  • serpent128-ctr
  • serpent192
  • serpent192-ctr
  • serpent256
  • serpent256-ctr
  • twofish128
  • twofish128-ctr
  • twofish192
  • twofish192-ctr
  • twofish256
  • twofish256-ctr

For example, if using an OpenSSH server with a default list of ciphers, you must add one or more of these ciphers in the OpenSSH's sshd_config file, and then restart the SSH server. For more information about OpenSSH ciphers, see http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/sshd_config.5?query=sshd_config&sec=5.

Domain controller issue

Safeguard for Privileged Passwordsdoes not manage passwords for accounts on domain controllers; Safeguard for Privileged Passwords manages passwords for accounts on a domain controller through a directory that hosts the domain controller. For more information, see Adding an account.

Networking issue

If you are having system connectivity issues, here are some things to consider:

  • Are there security rules on the network (such as firewalls or routers) that might be preventing this traffic?
  • Is traffic from Safeguard for Privileged Passwords routable to the network address of the managed system?
  • Are there any problems with cables, hubs, or switches, and so forth?

You could be experiencing network issues like these:

  • Network outage
  • Router misconfiguration
  • Unplugged wire
  • Switch not working

If Safeguard for Privileged Passwords suspends event notifications, try logging out and logging back in to re-subscribe to SignalR.

Windows WMI connection

To enable Safeguard for Privileged Passwords to manage Windows assets, you must configure your firewall to allow Windows Management Instrumentation (WMI).

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating