Adding a Unix Account (SSH) Secret


To add a new Unix Account (SSH) secret, do the following:

1. Log in to the Management Tool.

2. Click the Password Management navigation link on the left.

3. On the Secrets tab, click the Add Secret button in the top right of the page, and the Add Secret pop-up window will open.

4. On the Secret Properties tab, in the General section, do the following:

• Enter a unique name for the secret.

• Select the Unix account (SSH) secret type from the drop-down list.

• Optionally, enter a description for the secret.

5. In the Account section below, define a Linux computer which users will access using the Ekran System Connection Manager, by using one of the following options:

• If Use password is selected:

- Enter the host name or IP address of the required Linux computer, or select it from the drop-down list.

- Enter the user’s login name.

- Enter the user’s password.

• If Use SSH key is selected:

- Enter the host name or IP address of the required Linux computer, or select it from the drop-down list.

- Enter the user’s login name.

- Click Choose File to add a Private Key.

- Enter the passphrase for the selected Private Key.

6. On the Automation tab, to configure automatic remote password change for the account which the Unix user will access using the Ekran System Connection Manager, select the Enable remote password rotation checkbox and specify how frequently the password will need to be changed.

NOTE: If the password change ever fails, the secret will be marked with an icon next to it on the left in the list of secrets, and the corresponding error event will be displayed on the Health Monitoring page. In this case, subsequent password changes will no longer occur.

NOTE: To enable rotation of SSH secrets, certain preconditions must first be met.

7. On the Permissions tab, click the Add button. In the drop-down list that opens, search for and select the users and user groups that you want to grant permissions to, and then click Add. Next to each user or user group, select the permission to be granted to them.

8. On the Restriction Types tab, to configure the access restrictions for Clients to use the secret, do the following:

• Select the required option:

- Access without any restrictions: Clients will be able to access the secret without any restrictions.

- Always require approval on secret usage: Clients will require approval when they attempt to access the secret.

- Allow access without approval during working hours: Specify the working hours, date range, and days of the week when Clients will be able to access the secret without approval.

• Users Who Can Approve Access: Select the users (i.e. Approvers) who will approve requests for Clients to access the secret.

• Owners or Approvers also require approval: Select this checkbox to require additional approval (by Management Tool administrators) for Owners and Approvers to approve requests for Clients to access the secret.

NOTE: Approvers receive notifications by email and can approve access requests either by clicking the link in the email or in the Management Tool.

9. Click the Save button in the bottom right of the Add Secret pop-up window.

10. The secret is now added.

NOTE: The PuTTY application must be installed on the jump server from which the connection to the Linux Client computer will be established.