SSH/SSL Notification Settings
You can get notified if SSH keys are not being rotated continuously, or if SSL certificates are about to expire. Options are provided for users to be notified either through e-mail or syslog.
Steps to Configure
- Navigate to the Admin >> SSH/SSL >> Notification.
- You can choose to get notifications regarding SSL certificates expiry or SSH key rotation failure for the configured time period or both by selecting the respective check-boxes.
- You can choose to be notified in two ways :
- Click Save.
<190> Key_Name:172.21.147.130_test123_id Days_Exceeded:0 Modified_On:2016-02-16 17:41:24.008
<190> Parent_Domain: manageengine.com Included_Domain: kmp.com Days_to_Expire: 100 Expire_Date: 5.08.2017
Note : The number of days specified in the SSH key rotation and SSL certificate expiry notification policy will be applied to the dashboard settings also.
SSH Policy Configuration
Password Manager Pro allows you to create a high level policy on SSH keys management. You can specify whether to retain or overwrite the existing keys. That means, when Password Manager Pro creates new keys if they are to be appended to the existing ones or they should be deleted. The second option helps you to remove all existing keys and have a fresh start. Your SSH environment will have only the keys that were generated by the Password Manager Pro. Password Manager Pro carries out these changes in the authorized_keys file directly.
From the SSH Policy , you can set the option for adding keys to the authorized_keys file. You can choose from:
- Append – Allows you to retain existing keys as well the new ones deployed by Password Manager Pro.
- Overwrite – Removes all existing public key information from the authorized keys file and retains the public keys deployed from Password Manager Pro only. This is what we call as clean start.
To change the policy configuration:
- Navigate to the Admin >> SSH/SSL >> SSH Policy Configuration
- Select to either Append or Overwrite the keys.
- Click Save.
You will get a confirmation that the SSH policy settings have been updated.