Top

Manage SSH Resources, Keys

 

Key Manager Plus allows you to manage the entire life-cycle of SSH keys. The process actually starts with the discovery of the SSH resources in the network and follows the flow as detailed below:

Steps indicated above just illustrate the flow of events in Key Manager Plus. It is not necessary that you should follow them in the same order as explained above.

 

Step 1: Discover SSH resources.

Key Manager Plus enables you to automatically discover the SSH resources present in your network. You can discover the resources anytime as needed or periodically based on scheduled tasks. The discovery options are quite flexible - you can discover a single resource or multiple resources at one go.

Discover Resources On Demand

To discover the resources manually:

  1. Go to the Discovery tab in the GUI.
  2. Click the SSH tab.
  3. Select an option for the type of discovery.
    • Hostname/IP address – Enter the name or IP address of the resource to be discovered.
    • IP address range – Specify an IP range and discover all the SSH resources falling under the range
    • From file – If you have a list of the resources in your network saved as a text file, it can be loaded directly and all of them discovered.
    • Subnet – You can also choose to discover resources from specific subnetworks within an IP range using this option.

    Note : The file to be imported must be a text file containing the hostname or IP addresses of individual SSH resources, listed on separate lines. Enter the ports to scan for each resource separated from the hostname or IP address by a space, as illustrated below:

    0.0.0.0 22
    test-username-10 6565
    192.168.20.20 7272

    If you do not specify any port, SSH servers using the default port 22 will be discovered.

  4. For bulk discovery using IP address range and Subnet options, there is an Exclude IP Address field that allows you to exclude specific resources from being discovered. Specify the IP addresses of the resources that need to be excluded one below another.
  5. Specify values for the Time out and the Port options.
    • Time out: Refers to the number of seconds the application tries to discover the resources (each). The default value is 5 seconds.
    • Port: It refers to the port on the end terminal used for SSH communication. Port 22 is used by default for SSH communications.
  6. Click the Discover button.

When you click the Discover button, you will be redirected to the Discovery Status page where the status of the current discovery instance is updated.

Discovery

Discover Resources Automatically Through Schedules

Resource discovery can also be scheduled to occur at periodic intervals.

  1. Click the Schedule tab in the GUI.
  2. Click the Add Schedule button.
  3. In the Add Schedule window, enter a name for the schedule and select the type of schedule as SSH Discovery.
  4. Specify the start and end IP addresses and the port on the end terminal used for SSH communication.
  5. Select the recurrence type – hourly, daily, weekly, monthly, or once only. Set the starting time, date, or day corresponding to the option chosen.
  6. Enter the email addresses of the users to be notified.
  7. Click the Save button.

You will get a message confirming addition of a new schedule.

The result of the schedule execution will get updated in the Schedule audit and the Discovery audit tabs.

The discovered SSH resources, with either manual or scheduled discovery executions, are automatically added to the resources list and can be viewed from the SSH → SSH servers tab in the GUI.

 

Step 2: Provide credentials to connect to the resource(s).

After discovering the resources, the next step is to provide credentials to establish connection between Key Manager Plus and the resources. This is a one time operation. Key Manager Plus just requires the credentials of any one user to establish connectivity and enumerate all SSH users in the resource. In that case, Key Manager Plus will get key management privileges for that particular SSH user account alone. Subsequently, you can enter the credentials for other users to enable Key Manager Plus to ‘manage’ them. On the other hand, if root credentials are given, Key Manager Plus will not only enumerate all the SSH users, but also gets management privileges over all users.

To enter the user credentials:

  1. Navigate to the SSH → SSH servers tab in the GUI.
  2. Click the Credentials icon.
  3. Key Manager Plus supports connection establishment with resources that utilize either password or key based authentication.
    1. For resources that utilize password based authentication, enter the username and password of one of the user accounts present in the resource.
    2. For password-less resources that utilize key based authentication, provide the private key associated with one of the user accounts. You can either browse and upload the user private key from your system or choose from the "Select Key" drop-down if you have already added it to Key Manager Plus' SSH key repository.
  4. Select the Root/Administrator check box if the credential is that of a root user or an administrator.
  5. Click the Save button.

When the accurate credential of a particular account is entered, all user accounts available in the resource are automatically enumerated.

Provide Credentials

Also, you can simultaneously upload credentials for resources in bulk using the Credentials option from the top menu. This works in cases where two or more resources operate with the same credentials.

 

Step 3: Enumerate the SSH users in resource(s).

After establishing connectivity, the next step is to enumerate the SSH users in the resource. Once you establish connectivity as explained in step 2 above, Key Manager Plus automatically enumerates all SSH user accounts within that resource.

 

Step 4: Specify the credentials for each enumerated user for SSH key management.

After enumerating the SSH users from the resource, Key Manager Plus requires the credentials of each user account to commence SSH key management process. If you have specified the root account credentials for any resource in step 2 above, Key Manager Plus automatically gets management privileges for those particular resources.

To enter the password for enumerated user accounts:

  1. Navigate to SSH → SSH Users tab.
  2. If the password is the same for all / many user accounts, select the accounts and click the Credential button. Enter the password. This same password is applied for all the selected user accounts.
  3. If the password differs, click the Credentials icon against the required account and enter the password.
  4. Click the Save button.

When you click save, you will get a confirmation that the credentials have been updated.

Provide Credentials

Import SSH user credentials

If you have the list of user credentials in a text file, you can import them to Key Manager Plus.

To import the user credentials from the system:

  1. Navigate to SSH → SSH Users tab in the GUI.
  2. Click the Import Credentials icon available in the top-right corner of the window, above the table.
  3. Click the Browse button and select the text file from the system.
  4. Click the Import button.

Note : The file to be imported must be a text file with the format given below. For clarity, export a user credential and follow the format used.

Format : Resource name, User name, Password

 

 

Step 5: Import the discovered keys to Key Manager Plus.

The discovery and the subsequent connectivity establishment and credential supply processes enumerate the SSH keys associated with the resources. You are now required to import the keys to Key Manager Plus.

As mentioned in step 4, Key Manager Plus requires SSH user credentials for SSH key management. If the credentials are in place, you can import the SSH keys already discovered. To import the key files from the discovered SSH resource:

  1. Navigate to the SSH → Discovered Keys tab in the GUI.
  2. The SSH keys are listed with their details. Select the keys you want to import.
  3. Click the Import button.

The imported keys can be viewed from the SSH → SSH keys tab.

Note : If the keys are protected with a passphrase, even though the import operation will execute successfully, while associating with user accounts, you need to enter the passphrase to use the key.

Import keys from systems

In addition to the automated discovery of key files from the SSH servers, you can also specify the location, and import the keys present in any system. To import the key files from the system:

  1. Navigate to the SSH → SSH keys tab in the GUI.
  2. Click the Import Keys icon available in the top-right corner of the window, above the table.
  3. Click the Browse button and select the key file within the system.
  4. Enter the name and passphrase of the key.
  5. Click the Add button to include the key in the repository.

Note : If the key is protected with a passphrase, then the same has to be entered to successfully import the key.

 

Step 6: Create new keys and deploy them.

Key Manager Plus also allows you to create new key pairs and deploy them on target systems. The create and deploy feature of Key Manager Plus can be used for one click generation and deployment of keys. Unique key pairs are generated for each user account and the corresponding keys are deployed automatically in user accounts of the target servers.

The SSH key pair can be generated using RSA / DSA algorithms as per the details below:

RSA – 1024, 2048, or 4096 bit keys

DSA – 1024 bit keys.

To create keys:

  1. Navigate to SSH → SSH keys tab in the GUI.
  2. Click the Create option.
  3. In the Create SSH Key window, enter the details of the key, and select the key type and length.
  4. Click the Create Key button to generate the key pair.

You will get confirmation that the new key has been created.

Create new key

To view key passphrase:

Administrators can view the passphrases of keys by clicking on the show passphrase icon ( ) provided at the right end of the keys.

To create and associate keys with all the user accounts in a discovered resource:

  1. Navigate to the SSH → SSH servers tab in the GUI to deploy the keys in all its enumerated user accounts. Or else, navigate to the SSH → SSH Users tab and select the user accounts individually.
  2. Click the Create and Deploy icon in the right corner of the table view corresponding to the required resource.
  3. Select the key comment, type, and length, and click Deploy button to create key pairs and deploy them simultaneously in all the user accounts of the resource, for which credential is available.

Create and deploy

 

Step 7: Associate created or existing keys with users and vice-versa. View key-user relationship.

After importing / creating keys, you can associate the keys with SSH users.

Note :

  1. As mentioned in step 2 above, if root user or administrator credential has been provided for a resource, keys can be associated with all enumerated user accounts of the resource.
  2. If there are no keys available in the Key Manager Plus database, then you will be prompted to create a key during association. Create a key pair and return to these steps.

 

To associate the created or imported keys with the user accounts of a single resource:

  1. Navigate to the SSH → SSH servers tab in the GUI.
  2. Click the SSH users icon in the right corner of the table view.
  3. Select the user accounts for association.
  4. Click the Associate button at the bottom of the SSH users window.
  5. Select a key and again click the Associate button.

You will get a confirmation message that the key association has started and you will be redirected to the Key Association Audit page.

Associate keys

To select a SSH key and associate it directly with the user accounts:

    1. Navigate to SSH → SSH Keys tab.
    2. Select a key from the list displayed.
    3. Click the Associate button.
    4. In the SSH Users window, select the user accounts and click the Associate button.

Associate users

Keys can also be created and simultaneously associated with the user accounts. To do this:

  1. Navigate to the SSH → SSH servers tab in the GUI.
  2. Click the SSH users icon in the right corner of the table view.
  3. Select the user accounts.
  4. Click the Associate button at the bottom of the resource users window.
  5. In the new window, click the Create Key icon beside the Select Key drop-down list.
  6. Enter details of the key and click the Create Key button.
  7. Select the new key from the Select Key list and click the Associate button.

You can view a trace of the key to its resource and the user accounts. To trace this key to user relationship:

  1. Navigate to the SSH → SSH Keys tab.
  2. Click the desired key name.
  3. Click the Association graph icon in the top-right corner of the window.

A pictorial representation of the relationship between the key and resource will be displayed in the form of a map. When you click the resource name, the user accounts of the resource can be viewed, and you can connect with the user accounts associated with the selected key.

Key to user relationship

 

Step 8: Perform key management operations (edit, rotate, dissociate, delete) and launch direct terminal connections.

Rotate SSH Keys

You can configure Key Manager Plus to automatically rotate the SSH keys at periodic intervals. With a single click, all the deployed keys can be replaced. The keys can be rotated based on a schedule, or anytime based on your need.

Manual Key Rotation

To rotate the keys manually:

  1. Navigate to SSH → SSH Keys tab.
  2. Select the keys to be rotated.
  3. Click the Rotate option.

A confirmation message will be displayed and you will be redirected to the Key Rotation audit page where the status of rotation is updated.

Note : Only the keys which have already been associated with user accounts of resources can be rotated.

Scheduled Key Rotation

To schedule the rotation of keys:

  1. Click the Schedule tab in the GUI.
  2. Click the Add Schedule button.
  3. In the Add Schedule window, enter a name for the schedule and select the type of schedule as Key rotation from the drop-down list.
  4. Select the keys to be rotated.
  5. Select the time and date for rotation. Enter the email addresses of the users to be notified.
  6. Click Save.

The result of the schedule execution will get updated in the Schedule audit and the result of the rotation of the keys will get updated in the Key Rotation audit.

Dissociate Keys From SSH Users

When a SSH user leaves the organization or is provided temporary privileged access, you can dissociate the keys associated with the user to and discontinue access. Until you dissociate all the SSH keys, you cannot delete the user account nor the resource.

To select the keys and dissociate it from the users accounts:

  1. Navigate to the SSH → SSH Keys tab.
  2. Select a single key which has to be dissociated.
  3. Click the Dissociate button from the More drop-down list.
  4. If the key is associated with a single user account click OK in the confirmation dialog box to dissociate the key.
  5. If the key is associated with multiple user accounts, select the user accounts from which the key has to be dissociated and click the Dissociate button in the Dissociate Users window.

To select the user accounts and dissociate keys from it:

  1. Navigate to the SSH → SSH Users tab.
  2. Click Dissociate from the More option
  3. If the user account is associated with a single key, select OK in the pop-up window.
  4. If more than one key is associated with the selected user, select the keys which have to be dissociated and click the Dissociate button in the Dissociate Keys window.

Note : When you select and delete the user accounts enumerated in Key Manager Plus, the SSH keys associated with them are automatically dissociated.

Push Keys to remote user accounts:

In addition to deployment, Key manager Plus allows you to push a private key or a public key or both onto its associated users.

To push a key file to remote user accounts,

This feature is also available as a part of Key Rotation schedule. After the scheduled key rotation is performed and fresh key pairs are created and deployed, you can automatically push either the private key or both the private and public keys onto its selected associated users by enabling the 'push key to user' option instead of pushing the key files manually after every scheduled rotation.

Add commands and restrict host per key

You can add commands to specific user accounts, thereby providing an additional layer of restriction enabling them to only execute the commands on establishing connection with the host. Also you can predefine appropriate key to user relationship by specifying the IP address of the user in the appropriate format (as specified below).

To add command to a public key,

To restrict hosts for a key, click on Add Command and provide the name or IP addresses of the hosts in the following format. i.e.,(from="host1/ip1,host2/ip2")

Edit authorized_keys file

You can fetch authorized_keys files from various user accounts, edit the key content and push them to respective user accounts from Key Manager Plus.

To do this,

Secure File Transfer

You can securely transfer files from your system to specific user accounts using Secure Copy Protocol (SCP) in Key Manager Plus. To perform secure file transfer,

Note :

  • Since file transfer using SCP is essentially based on SSH, you have to initially associate SSH keys to the required user accounts before transferring files.
  • Currently, you can upload a maximum file size of 16MB per transfer.

Delete Keys

When you try to delete the SSH keys from Key Manager Plus repository, they are first dissociated automatically from their user accounts. Key deletion fails for the SSH keys that are not dissociated from all their user accounts.

To delete the SSH Keys:

  1. Navigate to the SSH → SSH Keys tab.
  2. Select the keys to be deleted.
  3. Click the Delete button from the More drop-down list.
  4. Click OK in the confirmation window.

Launch Terminal Connection

Once you have associated a key with the respective user accounts, you can launch direct connection to the server via Key Manager Plus. You can connect directly from the SSH → SSH Users tab, by clicking the Connect icon against the required user. You can also navigate to the SSH → SSH Servers, or the SSH → SSH Keys tabs, and drill down to the user accounts associated, and then click the Open Connection icon.

A new window will open up with connection established with the required server, using the selected user account.

 

Step 9: Organize SSH resource, keys, and users as groups for bulk management.

Key Manager Plus gives the provision to create groups of resources for easy organization and to carry out operations in bulk. You can assign, delete, or modify the group similar to working with a single resource.

The list of items available in a group is enumerated in their respective tabs. You can drill down to the individual items by clicking the name of a group.

 

SSH Resource Group

Create Resource Groups

To create a resource group:

  1. Click the Resource group icon in the top-right corner of the SSH → SSH servers tab
  2. Click the Add group button. You will be redirected to the Add resource group window.
  3. Enter the name of the group. Take care while choosing the name since it cannot be edited later.
  4. You can choose the resources to be added
  5. in a group in 2 ways:
    • By Specific resource – Select the resources to be added to the group, individually.
    • By Criteria– This serves as dynamic resource grouping. You will specify the exact criteria based on which you want to create the group. Here, you have many options to choose from - you can search for resources based on host name, ip address etc. and filter the search in fine-grained manner based on the criteria such as "contains", "does not contain", "equals" "not equal", "starts with" and "ends with". Click the Matching Resources button at the bottom-right corner of the window to see the corresponding resources.

      Note : If you select the By Criteria option, the conditions specified are applicable to resources to be discovered in future too. If any of the resources match the criteria, they will be automatically included into the new group.

  6. Click Save.

Create resource group

Edit Resource Groups

To make changes to an existing resource group:

  1. Click the Resource group icon in the top-right corner of the SSH → SSH servers tab.
  2. Click the Edit icon present in the right corner of the table view.
  3. You can change the resource selection type and edit the resources available in a group or add, modify, or delete, the filters applicable to a group.

Once you make changes to the group and save, a message will be displayed confirming the update of the changes.

Note : The name of the group cannot be modified. However, you can add or modify the description and the list of resources.

Delete Resource Groups

You can delete the resource groups provided they are not assigned to any user at the time of deletion.

To delete a resource group:

  1. Click the Resource group icon in the top-right corner of the SSH → SSH servers tab.
  2. Select the resource groups.
  3. Click the Delete button.

A pop-up window will appear to make sure that the selected resources are to be deleted. Click OK to delete the groups.

Note : You will not be able to delete resource groups that are currently assigned to a Key Manager Plus user account.

SSH key group management

Create Key Groups

To create a group of SSH keys:

  1. Click the Key group icon in the top-right corner of the SSH → SSH keys tab.
  2. Click the Add group button. You will be redirected to the Add key group window.
  3. Enter the name of the group. Take care while choosing the name since it cannot be edited later.
  4. You can choose the resources to be added in a group in 2 ways:
    • By Specific key – Select the keys to be added to the group, individually.
    • By Criteria – This serves as dynamic key grouping. You will specify the exact criteria based on which you want to create the group. Here, you have many options to choose from - you can search for specific keys based on its name, type, length, or creator, and filter the search in a fine-grained manner based on the criteria such as "contains", "does not contain", "equals" "not equal", "starts with" and "ends with". Click the Matching Keys button at the bottom-right corner of the window to see the corresponding keys.

      Note : If you select the By Criteria option, the conditions specified are applicable to keys that are discovered later too. If any of the those keys match the criteria, they will be automatically included into the new group.

  5. Click Save.

In addition, you can directly select individual keys from the SSH → SSH Keys tab and click the Create Group button for faster group creation.

Create key groups

Edit Resource Groups

Edit Key Groups

To make changes to an existing key group:

  1. Click the Key group icon in the top-right corner of the SSH → SSH keys tab.
  2. Click the Edit icon present in the right corner of the table view.
  3. You can change the key selection type and edit the keys available in a group or add, modify, or delete the filters applicable to a group.

Once you make changes to the group and save, a message will be displayed confirming the update of the changes.

Note : The name of the group cannot be modified. However, you can add or modify the description and the list of keys available in it.

Rotate keys of a key group

To rotate all the keys of a key group:

  1. Navigate to the SSH → SSH keys tab.
  2. Click the Key Group icon in the top-right corner of the screen.
  3. Select the key groups and click the Rotate button.

You will be redirected to the Key rotation audit window where the status of key rotation is updated.

Delete Key Groups

To delete a key group:

  1. Click the Key group icon in the top-right corner of the SSH → SSH keys tab.
  2. Select the key groups.
  3. Click the Delete button.

A pop-up window will appear to make sure that the selected groups are to be deleted. Click OK to delete the groups.

SSH User Group management

Create SSH User Groups

To create a group of SSH users:

  1. Click the User group icon in the top-right corner of the SSH → SSH users tab.
  2. Click the Add group button. You will be redirected to the Add user group window.
  3. Enter the name of the group. Take care while choosing the name since it cannot be edited later.
  4. You can choose the resources to be added in a group in 2 ways:
    • By Specific user – Select the users to be added to the group, individually.
    • By Criteria – This serves as dynamic user grouping. You will specify the exact criteria based on which you want to create the group. Here, you have many options to choose from - you can search for specific users based on its user name, host name or IP address, and filter the search in a fine-grained manner based on the criteria such as "contains", "does not contain", "equals" "not equal", "starts with" and "ends with". Click the Matching Users button at the bottom-right corner of the window to see the corresponding users.

      Note : If you select the By Criteria option, the conditions specified are applicable to users that are discovered later too. If any of the those users match the criteria, they will be automatically included into the new group.

  5. Click Save.

In addition, you can directly select individual users from the SSH → SSH Users tab and click the Create Group button for faster group creation.

Create key groups

Edit User Groups

To make changes to an existing user group:

  1. Click the User group icon in the top-right corner of the SSH → SSH users tab.
  2. Click the Edit icon present in the right corner of the table view.
  3. You can change the user selection type and edit the users available in a group or add, modify, or delete the filters applicable to a group.

Once you make changes to the group and save, a message will be displayed confirming the update of the changes.

Note : The name of the group cannot be modified. However, you can add or modify the description and the list of users available in it.

Enter credentials

To enter the credentials and apply it to all the users of a group:

  1. Navigate to the SSH → SSH Users tab.
  2. Click the User Group icon in the top-right corner of the screen.
  3. Select the user groups and click the Credential button.
  4. Enter the Login Password that is applicable to all the users in the selected groups, and click Save.

Associate key

To associate single key with all the users of a group:

  1. Navigate to the SSH → SSH Users tab.
  2. Click the User Group icon in the top-right corner of the screen.
  3. Select the user group and click the Associate button.
  4. Select the key and click the Associate button in the Public key association window.

You will be redirected to the SSH key window wherein the status of association is updated.

Create and deploy

You can use the Create and Deploy feature of Key Manager Plus for one click generation and deployment of keys. Unique key pairs are generated for each user account and the corresponding keys are deployed automatically in user accounts of the target servers.

This feature can be applied to create keys and deploy them across all the user accounts of a user group as well. To create and deploy keys for user groups:

  1. Navigate to the SSH → SSH Users tab.
  2. Click the User group icon in the top-right corner of the window.
  3. Select the user groups and click the Create and Deploy button.
  4. Select the details of the key and click the Deploy button in the Create and Deploy window.

The status of the key deployment can be viewed from the Audit tab in the GUI.

Delete User Groups

To delete a group of users:

  1. Click the User group icon in the top-right corner of the SSH → SSH users tab.
  2. Select the user groups.
  3. Click the Delete button.

A pop-up window will appear to make sure that the selected groups are to be deleted. Click OK to delete the groups.

Miscellaneous Operations

Manage Users without Credentials

If you want to manage user accounts without entering their respective credentials:

  1. Navigate to the SSH → SSH servers tab in the GUI.
  2. Click the SSH Users icon against the required resource.
  3. Click the Add User icon in the top-right corner of the SSH Users pop-up window.
  4. Enter the user name and click the Save button to add the user account to the resource.

Once the user account is added to the resource, you can proceed with the key association process as described from step 6 above.

Manual User Enumeration

With the addition of users in the remote system, use the Enumerate option to reflect subsequent changes in Key Manager Plus. To enumerate the appended SSH user accounts of the discovered resource:

  1. Navigate to the SSH → SSH servers tab in the GUI.
  2. Select single resource.
  3. Click the Enumerate button.

A message will be displayed confirming the start of the enumeration operation.

Customize User home directory

You can customize the home directories of the users, i.e, the location where the public key is to be deployed. To do this:

Navigate to the SSH → SSH Users tab.

  1. Click the Edit User Path from the More dropdown.
  2. Enter the modified path and click Save.

You can modify the directory for a group of users by navigating to the User Group tab from the SSH → SSH Users tab.

Export SSH Keys

To export key files by selecting them from the resources with which they are associated :

  1. Navigate to the SSH → SSH servers tab in the GUI and go to the Resources header tab.
  2. Click the name of the resource in which the key is deployed.
  3. Click the Export SSH key icon available in the right corner of the table view.

To export the key files selecting each key:

  1. Navigate to the SSH → SSH Keys tab.
  2. Click the Export SSH key icon available in the right corner of the table view corresponding to the required key.
  3. Select the destination folder and file name and click save.

Note : Even while exporting, the passphrases used to protect the keys are still in effect. That is, if the keys are to be used elsewhere, the passphrases have to be provided.

Export SSH user credentials

To export the user credentials from Key Manager Plus to the system:

  1. Navigate to SSH → SSH Users tab in the GUI.
  2. Select the users whose credentials you would like to export.
  3. Click the Export Credentials icon available in the top-right corner of the window above the table.
  4. Select the destination directory and click Save.

Note : While exporting, only the resource name and user name are exported while the password is not.

Delete SSH users

When a user account is deleted, first any associated keys are dissociated from them. You will not be able to delete the user accounts until all SSH keys are dissociated from them.

To delete a user account:

  1. Navigate to the SSH → SSH users tab.
  2. Select the user accounts.
  3. Click the Delete button.

Note : If a user account is deleted, it is no longer enumerated within a resource. To list a user account deleted from Key Manager Plus (but still available in the remote system), the resource will have to be re-enumerated.

Delete resources

To delete a resource:

  1. Navigate to the SSH → SSH servers tab in the GUI
  2. Select the resource(s) that need to be deleted and click Delete from the top menu.
  3. You can choose to either dissociate or retain the SSH keys associated with the user accounts present in the resource. Check "Delete without dissociating key" option to delete the selected resources without dissociating the keys associated with any of its user accounts.
  4. Click OK in the confirmation pop-up window. The selected resources are deleted.

Note : If a user account is deleted, it is no longer enumerated within a resource. To list a user account deleted from Key Manager Plus (but still available in the remote system), the resource will have to be re-enumerated.

SSH Key audits

Audits are generated when SSH keys are associated or rotated using Key Manager Plus. These reports are available in the right-top corner of the SSH → SSH Keys tab.

View SSH key history

Using Key Manager Plus you can view the history of each SSH key, from the moment it was created or imported, and the subsequent rotations along with time-stamps.

To view the history of any key:

  1. Navigate to the SSH → SSH Keys tab.
  2. Select a single key.
  3. Click the Key History button.

Export discovered keys report

A report of the discovered keys can be exported as PDF, or to an email id. To export the report:

  1. Navigate to the SSH → Discovered keys tab in the GUI.
  2. Select a single key.
  3. Click the Export button. You can export the report to the system as PDF file, or to desired email addresses.
    • PDF – Export and save the report of the discovered keys as a PDF in the system.
    • Email – Specify the email addresses to which the report of the discovered SSH keys is to be exported.