SSH/SSL Notification Settings

You can get notified if SSH keys are not being rotated continuously, or if SSL certificates are about to expire. Options are provided for users to be notified either through e-mail or syslog.

Steps to Configure

  1. Navigate to the Admin >> SSH/SSL >> Notification.
  1. You can choose to get notifications regarding SSL certificates expiry or SSH key rotation failure for the configured time period or both by selecting the respective check-boxes.
  2. You can choose to be notified in two ways :
    1. E-mail – Enter the From and To addresses. To enter mail server details, go to Admin >> Settings >> Mail Server Settings.Read More.
    2. Syslog – Enter the IP address of the server and the port to which the syslog is to be delivered. Read More
  3. Click Save.

Syslog Format

SSH

<190> Key_Name:172.21.147.130_test123_id Days_Exceeded:0 Modified_On:2016-02-16 17:41:24.008

SSL

<190> Parent_Domain: manageengine.com Included_Domain: kmp.com Days_to_Expire: 100 Expire_Date: 5.08.2017

Note : The number of days specified in the SSH key rotation and SSL certificate expiry notification policy will be applied to the dashboard settings also.


SSH Policy Configuration

PAM360 allows you to create a high level policy on SSH keys management. You can specify whether to retain or overwrite the existing keys. That means, when PAM360 creates new keys if they are to be appended to the existing ones or they should be deleted. The second option helps you to remove all existing keys and have a fresh start. Your SSH environment will have only the keys that were generated by the PAM360. PAM360 carries out these changes in the authorized_keys file directly.

From the SSH Policy  , you can set the option for adding keys to the authorized_keys file. You can choose from:

  1. Append – Allows you to retain existing keys as well the new ones deployed by PAM360.
  2. Overwrite – Removes all existing public key information from the authorized keys file and retains the public keys deployed from PAM360 only. This is what we call as clean start.

To change the policy configuration:

  1. Navigate to the Admin >> SSH/SSL >> SSH Policy Configuration 
  2. Select to either Append or Overwrite the keys.
  3. Click Save.

You will get a confirmation that the SSH policy  settings have been updated.

©2019, ZOHO Corp. All Rights Reserved.

Top