Cisco Account (SSH) Secret Template for RPC

Overview

This document briefly discusses using Secret Server Remote Password Changing (RPC) for Cisco Account (SSH) and Cisco Account (Telnet) accounts. With Remote Password Changing (RPC), secrets can automatically change remote account passwords when a secret expires, either immediately or on a defined schedule. In addition, the new passwords’ strengths and other qualities are completely configurable. See the Password Changer List for a complete list of available password changers.

Secret Server can use scripted password changers for devices that support SSH or Telnet (this allows for flexibility in changing passwords on less common devices). You can also run custom RPC PowerShell scripts to conduct password changes to other platforms.

With the help of the Secret Server, admins can use private SSH keys for PuTTY launcher sessions and RPC tasks—configurable through password changer settings. Secret Server supports SSH key rotation on secrets. For more details, see Secret Key Rotation.

Assigning a Password Changer to a Secret Template

After completing the RPC setup, you can manage the built-in secret templates. Each secret template is specific application and is preconfigured with the password changer best suited to that. For the Cisco Account, we want the Cisco Account template.

You can view and modify secret templates in the Secret Server administration panel. See Creating or Editing Secret Templates for more on the available options. Ensure that the secret template is in active status. See Activating and Deactivating Templates for details.

To navigate to a Cisco Account secret template:

  1. Go to Administration > Secret Secret Server. The Secrets Administration page is displayed.

  2. In the Core Actions section, click Secret Templates. The list of available templates is displayed.

  3. Select a Cisco Account secret template and then click the Mapping tab.

It is available to edit custom password changer commands. For more details, see Editing Custom Commands.

You can check what secret template applies to the selected RPC. The screenshot below shows that a Cisco Account Custom (SSH) RPC is based on the Cisco Account (SSH) secret template. It is possible to assign several password changers to one secret template. For more information, see Assigning a Password Changer to a Secret Template.

Secret Templates determine the fields, launchers, and the remote password changer for secrets. To utilize the Cisco Account template on a secret, see Managing Secrets documentation.