Chat now with support
Chat with Support

One Identity Safeguard for Privileged Sessions 6.5.0 - Administration Guide

Preface Introduction The concepts of One Identity Safeguard for Privileged Sessions (SPS) The Welcome Wizard and the first login Basic settings
Supported web browsers and operating systems The structure of the web interface Network settings Configuring date and time System logging, SNMP and e-mail alerts Configuring system monitoring on SPS Data and configuration backups Archiving and cleanup Forwarding data to third-party systems Joining to One Identity Starling
User management and access control Managing One Identity Safeguard for Privileged Sessions (SPS)
Controlling One Identity Safeguard for Privileged Sessions (SPS): reboot, shutdown Managing Safeguard for Privileged Sessions (SPS) clusters Managing a High Availability One Identity Safeguard for Privileged Sessions (SPS) cluster Upgrading One Identity Safeguard for Privileged Sessions (SPS) Managing the One Identity Safeguard for Privileged Sessions (SPS) license Accessing the One Identity Safeguard for Privileged Sessions (SPS) console Sealed mode Out-of-band management of One Identity Safeguard for Privileged Sessions (SPS) Managing the certificates used on One Identity Safeguard for Privileged Sessions (SPS)
General connection settings HTTP-specific settings ICA-specific settings MSSQL-specific settings RDP-specific settings SSH-specific settings Telnet-specific settings VMware Horizon View connections VNC-specific settings Indexing audit trails Using the Search interface Advanced authentication and authorization techniques Reports The One Identity Safeguard for Privileged Sessions (SPS) RPC API The One Identity Safeguard for Privileged Sessions (SPS) REST API One Identity Safeguard for Privileged Sessions (SPS) scenarios Troubleshooting One Identity Safeguard for Privileged Sessions (SPS) Using SPS with SPP Configuring external devices Using SCP with agent-forwarding Security checklist for configuring One Identity Safeguard for Privileged Sessions (SPS) Jumplists for in-product help Configuring SPS to use an LDAP backend Glossary

Setting the SSH host keys of the connection

By default, One Identity Safeguard for Privileged Sessions (SPS) accepts and stores the host key of the server when the connection is first established.

To manually set the SSH keys used and accepted in the connection

  1. Navigate to SSH Control > Connections and click to display the details of the connection.

    Figure 196: SSH Control > Connections — Configuring SSH host keys of the connection

  2. Verify the identity of the servers based on their hostkeys.

    • Select Accept key for the first time to automatically record the key shown by the server on the first connection. SPS will accept only this key from the server in later connections. This is the default behavior of SPS.

      NOTE:

      When your deployment consists of two or more instances of SPS organized into a cluster, the SSH keys recorded on the Managed Host nodes before they were joined to the cluster are overwritten by the keys on the Central Management node. For details, see Configuration synchronization and SSH keys.

    • Select Only accept trusted keys if the key of the server is already available on SPS. SPS will accept only the stored key from the server. For further information on setting the host keys of the server, see Server host keys.

      NOTE:

      When your deployment consists of two or more instances of SPS organized into a cluster, the SSH keys recorded on the Managed Host nodes before they were joined to the cluster are overwritten by the keys on the Central Management node. For details, see Configuration synchronization and SSH keys.

    • Select Disable SSH hostkey checking to disable SSH host key verification.

      Caution:

      Disabling SSH host key verification makes it impossible for SPS to verify the identity of the server and prevent man-in-the-middle (MITM) attacks.

  3. You can choose to upload or paste a host key, or for RSA, generate a new one.

    Click on the fingerprint to display the public part of the key.

    SPS allows you to use the following public SSH hostkeys.

    • RSA, which is the most widely used public-key algorithm for the SSH key.

      NOTE:

      One Identity recommends using 2048-bit RSA keys (or stronger).

    • Ed25519, which offers a better security and faster performance compared to RSA.

      In SPS, Ed25519 SSH hostkeys are supported in both OpenSSH and PKCS #8 formats.

    You can also have multiple SSH keys on SPS. This allows you to keep your old RSA SSH key and generate a new one that uses Ed25519.

  4. Click Commit.

Related Documents