The Asset Administrator can manually check, change, or set an SSH key from the Account Security menu.

To manually check, change, or set an SSH key

1. Navigate to Administrative Tools | Accounts.
2. In Accounts, select an account from the object list.
3. Click  Account Security from the toolbar. You can also right-click the account name then click  Account Security.

   Select one of these option. You can view the progress and results of the Check and Change options in the Toolbox | Tasks pane. For more information, see Viewing task status.

   • Check SSH Key to verify the account SSH key is in sync with the Safeguard for Privileged Passwords database. If the SSH key verification fails, you can change it.
   • Change SSH Key to reset and synchronize the SSH key with the Safeguard for Privileged Passwords database. For service accounts, use this selection and do not use Generate SSH Key to change the SSH key.
   • Set SSH Key to set the SSH key in the Safeguard for Privileged Passwords database. The Set SSH Key option does not change the account SSH key on the asset. The Set SSH Key option provides the following options.
     • Generate: Generate a new SSH key and assign it to the account. The SSH key complies with the SSH key rule that is set in the account's profile.

       CAUTION: Do not generate a new SSH key for a service account because the connection to the asset will be lost. Instead, use Account Security : Change SSH Key.

       After you select Generate, the key is generated and saved in the Safeguard for Privileged Passwords database. The following fields display.

       • Account: The account name
       • Fingerprint: The fingerprint of the SSH key used for authentication
       • Key Comment: Information about the SSH key
       • Type: The SSH authentication key type, such as RSA or DSA. For more information, see SSH Key Management settings.
       • Length: The length of the SSH authentication key. For more information, see SSH Key Management settings.
       • Public Key: The generated key; click  Copy to put it into your copy buffer. You can then log in to your device, using the old SSH key, and change it to the SSH key in your copy buffer.
     • Import: Import a private key file for an SSH key that has been generated outside of Safeguard for Privileged Passwords and assign it to the account. Click Browse to import the key file, enter a Password, then click OK.
       When importing an SSH key that has already been manually configured for an account on an asset, it is recommended that you first verify that the key has been correctly configured before importing the key. For example, you can run an SSH client program to check that the private key can be used to login to the asset: ssh -i <privatekeyfile> -l <accountname> <assetIp>. Refer to the OpenSSH server documentation for the target platform for more details on how to configure an authorized key.
     • Install: If not already configured, install the account's current SSH key on the asset in the correct file for the account.
     • Verify: Check that the account's current SSH key is configured in the correct file for the account on the asset. A warning is displayed if the authorized key file permissions has identifiable issues (such as the permissions are too open and configuration settings issues exist). The verification process can not identify all potential issues, so Verify may run successfully but the key will not work when you try to authenticate.