Managing SSH Keys and Key Groups

SSH keys serve as a secure means of authenticating and establishing encrypted connections between a client and a server. They offer a highly secure alternative to password-based authentication for remote logins and file transfers. Widely employed in system administration and secure network communication, SSH keys deliver enhanced security, convenience, and automation while decreasing reliance on passwords. Adhering to best practices in key generation, management, and usage maximizes the advantages and overall security that SSH keys provide.

Password Manager Pro allows you to manage the entire life cycle of the SSH keys of your SSH resources. The sequence below only illustrates the flow of SSH key events in Password Manager Pro; you do not have to follow the steps in the order given.

1. SSH Resource Discovery

SSH key management starts with the SSH resource discovery process. To discover SSH keys from your organization's resources via Password Manager Pro, you must first add the respective SSH resources to the Password Manager Pro repository. You can add the SSH resources manually or via the Linux resource discovery process.

Note: The term SSH keys used here refers only to the private keys of the SSH resources.

2. Elevating Privilege for SSH Keys Management

To discover, associate, deploy, and rotate SSH keys, Password Manager Pro requires a remote login method, a login account for authentication, and privilege elevation configured with root privileges. To configure these requirements,

3. Discover SSH Keys from the SSH Resources

To discover the private keys associated with the accounts of the added/discovered SSH resources,

4. Import the Discovered Keys to Password Manager Pro

Password Manager Pro requires the SSH key passphrase for SSH key management. If the credentials are in place, you can import the SSH keys already discovered. To import the key files from the discovered SSH resource:

The imported keys can be viewed from the SSH Keys >> SSH Keys tab.

Note: If the keys are protected with a passphrase, the import operation will still execute successfully, but you need to enter the passphrase to use the key while associating it with user accounts.

4.1 Import Keys from Systems

In addition to discovering key files from the SSH resources, you can specify a location and import the keys present in any system. To import the key files from the system:

To edit the Key Comment of an already imported key, follow the steps below:

5. Create New Keys and Deploy

Password Manager Pro also allows you to create new key pairs and deploy them on target systems. The create and deploy feature of Password Manager Pro can be used for one-click generation and deployment of keys. Unique key pairs are generated for each user account, and the corresponding keys are deployed automatically in the user accounts of the target servers. The SSH key pair can be generated using RSA / DSA algorithms as per the details below:
5.1 To Create SSH Keys

You will get confirmation that the new key has been created. All the keys that are created are automatically added to the centralized repository of Password Manager Pro. You can view these keys from the SSH Keys >> SSH Keys tab in the user interface. Password Manager Pro allows you to search SSH Keys using Key Name, Key Type, Key Length, Finger Print, Created By, Age, and additional fields (if available).

Administrators can view the passphrases of keys by clicking on the show passphrase icon provided at the right end of the keys.

5.2 Create SSH Keys and Deploy

To create and associate keys with all the user accounts in a discovered resource:

6. Associating the SSH Keys with the User Accounts

After importing/creating keys, you can associate the keys with SSH users.

Note: If a root user or administrator credential has been provided for a resource, keys can be associated with all enumerated user accounts of the resource. If there are no keys available in the Password Manager Pro database, then you will be prompted to create a key during association. Create a key pair and return to these steps.

6.1 Associating the SSH Keys with the User Accounts

6.2 Associating the SSH Keys with the Resources

Now you have successfully associated a particular SSH key to the resources/user accounts.

7. SSH Key Management Operations (Rotate, Dissociate, Push, Edit, Delete)

7.1 Rotate SSH Keys

You can configure Password Manager Pro to rotate the SSH keys at periodic intervals automatically. With a single click, all the deployed keys can be replaced. The keys can be rotated based on a schedule or anytime based on your need.

i. Manual Key Rotation

To rotate the keys manually:

A confirmation message will be displayed, and you will be redirected to the Key Rotation Audit page, where the status of rotation is updated.

Note: Only the keys which have already been associated with user accounts of resources can be rotated.

ii. Scheduled Key Rotation

To schedule the rotation of keys:

The result of the scheduled execution will get updated in the Key Audit, and the results of the rotation of the keys will get updated in the Key Rotation Audit.

7.2 Dissociate Keys from SSH Users

When an SSH user leaves the organization or is provided temporary privileged access, you can dissociate the keys associated with the user account and discontinue access. Until you dissociate all the SSH keys, you cannot delete the user account or the resource.

i. Dissociate Key from User Accounts
ii. Dissociate Keys from Selected User Account

7.3 Push Keys to Remote User Accounts

In addition to deployment, Password Manager Pro allows you to push a private key or a public key, or both onto its associated user accounts.

i. To push a key file to remote user accounts:

This feature is also available as a part of the Key Rotation schedule. After the scheduled key rotation is performed and fresh key pairs are created and deployed, you can automatically push either the private key or both the private and public keys onto the selected associated users by enabling the 'push key to user' option, instead of pushing the key files manually after every scheduled rotation.

ii. Add commands and restrict host per key:

You can add commands to specific user accounts, providing an additional layer of restriction that allows them to execute only those commands on establishing a connection with the host. You can also predefine the appropriate key-to-user relationship by specifying the IP address of the user in the appropriate format (as specified below). To add a command to a public key,

To restrict hosts for a key, click on Add Command and provide the name or IP address of the hosts in the following format, i.e., (from="host1/ip1,host2/ip2")

7.4 Edit Authorized Keys File

You can fetch authorized key files from various user accounts, edit the key content and push them to respective user accounts from Password Manager Pro. To do this,
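
Added example (not part of the original page and not Password Manager Pro code): a Python check for an authorized keys file, such as one fetched for editing in 7.4, that reports every key lacking the command or from restriction described in 7.3. The sample entries, host names, and placeholder key blobs are constructed for illustration.

```python
import re

# Tokens that start the key itself; any other first field is an options list.
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)[\w.@-]+$")

def split_unquoted(text, seps):
    """Split on separator characters that sit outside double-quoted values."""
    token = r'(?:"(?:\\.|[^"\\])*"|[^%s"])+' % re.escape(seps)
    return re.findall(token, text)

def parse_entry(line):
    """Return (options, key_type, comment) for one authorized_keys line, else None."""
    fields = split_unquoted(line.strip(), " \t")
    if not fields or fields[0].startswith("#"):
        return None
    options = {}
    if not KEY_TYPE.match(fields[0]):
        for item in split_unquoted(fields.pop(0), ","):
            name, _, value = item.partition("=")
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            options[name.lower()] = value
    if len(fields) < 2 or not KEY_TYPE.match(fields[0]):
        return None  # malformed line: no key type followed by a key blob
    return options, fields[0], " ".join(fields[2:])

def audit(text):
    """Return (comment, missing) for every key lacking a from= or command= option."""
    findings = []
    for entry in filter(None, map(parse_entry, text.splitlines())):
        missing = [opt for opt in ("from", "command") if opt not in entry[0]]
        if missing:
            findings.append((entry[2], missing))
    return findings

# Constructed sample; the key blobs are placeholders, not real keys.
SAMPLE = """\
from="10.0.0.5,backup01.example.com",command="/usr/local/bin/backup.sh" ssh-rsa AAAAB3PLACEHOLDER backup@db01
command="/usr/bin/uptime -p" ssh-ed25519 AAAAC3PLACEHOLDER monitor@db01
ssh-rsa AAAAB3PLACEHOLDER admin@workstation
"""

if __name__ == "__main__":
    for comment, missing in audit(SAMPLE):
        print(f"{comment}: no {' / '.join(missing)} restriction")
```

Commas and spaces inside a quoted from or command value are kept as part of the value, so a host list such as the one in the format above is read as a single option.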

7.5 Delete Keys

When you try to delete the SSH keys from the Password Manager Pro repository, they are first dissociated automatically from their user accounts. Key deletion fails for the SSH keys that are not dissociated from all their user accounts. To delete the SSH Keys:

8. Organize SSH Key Groups for Bulk Management

Password Manager Pro lets you create key groups for easy organization and for carrying out operations in bulk. You can assign, delete, or modify a group in the same way as a single SSH key. The items available in a group are listed in their respective tabs. You can drill down to the individual items by clicking the name of a group.

8.1 Create Key Groups

To create a group of SSH keys:

In addition, you can directly select individual keys from the SSH Keys >> SSH Keys tab and click the Save button for faster group creation.