Manage SSH Resources
Key Manager Plus allows you to manage the entire life cycle of SSH keys. The process starts with the discovery of the SSH resources in the network and proceeds as follows:
- Discover SSH resources.
- Provide credentials to connect to the resource(s).
- Enumerate the SSH users in resource(s).
- Specify the credentials for each enumerated user for SSH key management.
1. Discover SSH Resources
Key Manager Plus enables you to automatically discover the SSH resources present in your network. You can discover the resources on demand or periodically through scheduled tasks. The discovery options are flexible: you can discover a single resource or multiple resources in one go.
1.1 Discover Resources On Demand
To discover the resources manually:
- Navigate to Discovery >> SSH.
- Select an option for the type of discovery.
- Hostname/IP address – Enter the name or IP address of the resource to be discovered.
- IP address range – Specify an IP range and discover all the SSH resources falling under the range.
- From file – If you have a list of the resources in your network saved as a text file, it can be loaded directly and all of them discovered.
- Subnet – You can also choose to discover resources from specific subnetworks within an IP range using this option.
Note: The file to be imported must be a text file containing the hostname or IP addresses of individual SSH resources, listed on separate lines. Enter the ports to scan for each resource separated from the hostname or IP address by a space, as illustrated below:
0.0.0.0 22
test-username-10 6565
192.168.20.20 7272
If you do not specify any port, SSH servers using the default port 22 will be discovered.
- For bulk discovery using IP address range and Subnet options, there is an Exclude IP Address field that allows you to exclude specific resources from being discovered. Specify the IP addresses of the resources that need to be excluded one below another.
- Specify values for the Time out and the Port options.
- Time out: The number of seconds the application spends trying to discover each resource. The default value is 5 seconds.
- Port: The port on the end terminal used for SSH communication. Port 22 is used by default for SSH communications.
- Click the Discover button.
When you click the Discover button, you will be redirected to the Discovery Status page where the status of the current discovery instance is updated.
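The "From file" format described in the note above can be checked before the file is loaded. The following is an added example, not part of Key Manager Plus: it parses a discovery file, applies the default port 22, and reports malformed or duplicate lines. The function names are hypothetical, and one port per line is assumed, as in the illustrated lines.

```python
import ipaddress
import re

DEFAULT_PORT = 22  # per the page: a line without a port is probed on port 22
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")  # one hostname label

def valid_host(host):
    try:
        ipaddress.ip_address(host)  # IPv4 or IPv6 literal
        return True
    except ValueError:
        pass
    if re.fullmatch(r"[0-9.]+", host):
        return False  # mistyped IPv4 such as 192.168.20.300, not a hostname
    return len(host) <= 253 and all(LABEL.fullmatch(p) for p in host.split("."))

def parse_discovery_file(text):
    """Return (targets, errors): (host, port) tuples and (line_no, reason) tuples."""
    targets, errors, seen = [], [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts:
            continue  # blank line
        host = parts[0]
        port_s = parts[1] if len(parts) > 1 else str(DEFAULT_PORT)
        if len(parts) > 2:
            errors.append((n, "expected 'host' or 'host port'"))
        elif not valid_host(host):
            errors.append((n, "invalid hostname or IP address"))
        elif not re.fullmatch(r"[0-9]{1,5}", port_s) or not 1 <= int(port_s) <= 65535:
            errors.append((n, "port must be 1-65535"))
        elif (host.lower(), int(port_s)) in seen:
            errors.append((n, "duplicate entry"))
        else:
            seen.add((host.lower(), int(port_s)))
            targets.append((host, int(port_s)))
    return targets, errors

# Constructed sample: the three lines illustrated on the page plus faulty ones
SAMPLE = """0.0.0.0 22
test-username-10 6565
192.168.20.20 7272
192.168.20.21
192.168.20.300 22
192.168.20.22 70000
192.168.20.20 7272
"""

if __name__ == "__main__":
    print(parse_discovery_file(SAMPLE))
```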
1.2 Discover Resources Automatically through Schedules
Resource discovery can also be scheduled to occur at periodic intervals.
- Click the Schedule tab in the GUI.
- Click the Add Schedule button.
- In the Add Schedule window, enter a name for the schedule and select the type of schedule as SSH Discovery.
- Specify the start and end IP addresses and the port on the end terminal used for SSH communication.
- Select the recurrence type – hourly, daily, weekly, monthly, or once only. Set the starting time, date, or day corresponding to the option chosen.
- Enter the email addresses of the users to be notified.
- Click the Save button.
You will get a message confirming the addition of the new schedule.
The result of the schedule execution will get updated in the Schedule Audit and the Discovery Audit tabs.
The discovered SSH resources, with either manual or scheduled discovery executions, are automatically added to the resources list and can be viewed from the SSH >> SSH Servers tab in the GUI.
2. Provide Credentials to Connect to the Resource(s)
After discovering the resources, the next step is to provide credentials so that Key Manager Plus can connect to them. This is a one-time operation. Key Manager Plus requires the credentials of only one user to establish connectivity and enumerate all SSH users in the resource. In that case, Key Manager Plus gets key management privileges for that particular SSH user account alone; you can subsequently enter the credentials of other users to enable Key Manager Plus to ‘manage’ them. If root credentials are given, on the other hand, Key Manager Plus not only enumerates all the SSH users but also gets management privileges over all of them.
To enter the user credentials:
- Navigate to the SSH >> SSH Servers tab in the GUI.
- Click the Credentials icon.
- Key Manager Plus supports connection establishment with resources that utilize either password or key based authentication.
- For resources that utilize password based authentication, enter the username and password of one of the user accounts present in the resource.
- For password-less resources that utilize key based authentication, provide the private key associated with one of the user accounts. You can either browse and upload the user private key from your system or choose from the "Select Key" drop-down if you have already added it to Key Manager Plus' SSH key repository.
- Select the Root/Administrator check box if the credential is that of a root user or an administrator.
- Click the Save button.
When the correct credentials for an account are entered, all user accounts available in the resource are automatically enumerated.
Also, you can simultaneously upload credentials for resources in bulk using the Credentials option from the top menu. This works in cases where two or more resources operate with the same credentials.
- Select the required resources and click the Credentials option from the top menu.
- In the pop-up that opens, provide the required details and click Save.
- The credentials are applied to the selected resources.
3. Enumerate the SSH Users in Resource(s)
After establishing connectivity, the next step is to enumerate the SSH users in the resource. Once you establish connectivity as explained in step 2 above, Key Manager Plus automatically enumerates all SSH user accounts within that resource.
4. Specify the Credentials for each Enumerated User for SSH Key Management
After enumerating the SSH users from the resource, Key Manager Plus requires the credentials of each user account to begin the SSH key management process. If you have specified the root account credentials for any resource in step 2 above, Key Manager Plus automatically gets management privileges for those particular resources.
To enter the password for enumerated user accounts:
- Navigate to SSH >> SSH Users tab.
- If the password is the same for all or many user accounts, select the accounts and click the Credential button. Enter the password. The same password is applied to all the selected user accounts.
- If the password differs, click the Credentials icon against the required account and enter the password.
- Click the Save button.
When you click Save, you will get a confirmation that the credentials have been updated.
4.1 Import SSH User Credentials
If you have the list of user credentials in a text file, you can import them to Key Manager Plus.
To import the user credentials from the system:
- Navigate to SSH >> SSH Users tab in the GUI.
- Click the Import Credentials icon available in the top-right corner of the window, above the table.
- Click the Browse button and select the text file from the system.
- Click the Import button.
Note: The file to be imported must be a text file with the format given below. For clarity, export a user credential and follow the format used.
Format: Resource name, User name, Password.
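Because the import file holds passwords in plain text, it is worth checking both its permissions and its layout before importing. The following is an added example, not part of Key Manager Plus: it flags a file readable by group or others, incomplete lines, and accounts listed twice, without echoing any password. The function names are hypothetical, the comma-separated layout follows the format line above, and treating everything after the second comma as the password is an assumption.

```python
import os
import stat
import tempfile

def check_credentials_file(path):
    """Return findings for an import file; a password value is never echoed."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o}: group/others can reach plaintext passwords")
    seen = set()
    with open(path, encoding="utf-8") as fh:
        for n, line in enumerate(fh, 1):
            if not line.strip():
                continue  # blank line
            # Split on the first two commas only (assumption: a password may contain commas)
            fields = [f.strip() for f in line.rstrip("\r\n").split(",", 2)]
            if len(fields) != 3 or not all(fields):
                findings.append(f"line {n}: need resource, user and password")
            elif (fields[0].lower(), fields[1]) in seen:
                findings.append(f"line {n}: duplicate entry for {fields[1]}@{fields[0]}")
            else:
                seen.add((fields[0].lower(), fields[1]))
    return findings

def write_sample(mode):
    """Write a constructed sample file with the given permissions; return its path."""
    rows = ["web01, deploy, S3cr,et-constructed",   # password containing a comma
            "web01, backup",                        # password field missing
            "db01, , constructed-pw",               # user name missing
            "WEB01, deploy, another-constructed"]   # same account listed twice
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write("\n".join(rows) + "\n")
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    for m in (0o644, 0o600):
        p = write_sample(m)
        print(oct(m), check_credentials_file(p))
        os.remove(p)
```

Restrict the file to its owner before filling it in, and delete it once the import has been confirmed.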