Unix Account (SSH) Secret Template for RPC
Overview
This document briefly discusses using Secret Server Remote Password Changing (RPC) for Unix Account (SSH) accounts. With Remote Password Changing (RPC), secrets can automatically change remote account passwords when a secret expires, either immediately or on a defined schedule. In addition, the new passwords’ strengths and other qualities are completely configurable. See the Password Changer List for a complete list of available password changers.
With this Secret Server feature, admins can use private SSH keys for PuTTY launcher sessions, RPC tasks (configurable through password changer settings), and Unix and Linux discovery. Passphrases can additionally be stored, if necessary, to decrypt the private keys for additional security. The Unix Account (SSH) secret template includes text-entry fields for the private key and passphrase by default.
The SSH Key template is included by default and can be used to store SSH keys that can later be selected for RPC, discovery, or launcher authentication for other secrets.
The Unix Account (SSH) secret template uses password changers that change the public key in the account's authorized_keys file and the account password. Secret Server ships with a password changer and custom command sets that allow an account to change its public key and password, as well as a password changer and custom command sets that change a user's public key and password using a privileged account. These scripts can be customized for different Unix environments.
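The authorized_keys half of such a change is illustrated by the following added example, which is not one of Secret Server's shipped command sets. It assumes a POSIX shell with awk and mktemp; the names rotate_key and demo and the key blobs are constructed for illustration.

```sh
# Added example (not a Secret Server command set).
# rotate_key FILE OLD_PUBKEY NEW_PUBKEY
#   Keys are full public-key lines: "type base64 [comment]".
#   Returns 0 on success, 1 if the old key is absent (file untouched), 2 on error.
rotate_key() {
    local file="$1" old="$2" new="$3" ob nb tmp
    ob=$(printf '%s\n' "$old" | awk '{print $2}')
    nb=$(printf '%s\n' "$new" | awk '{print $2}')
    [ -f "$file" ] && [ -n "$ob" ] && [ -n "$nb" ] || return 2

    # Compare the base64 blob as a whole field; comments and options are ignored.
    awk -v ob="$ob" '{ for (i = 2; i <= NF; i++) if ($i == ob) f = 1 }
                     END { exit !f }' "$file" || return 1

    # Write the replacement beside the original so mv is an atomic rename.
    tmp=$(mktemp "$file.XXXXXX") || return 2
    chmod 600 "$tmp"    # sshd StrictModes rejects key files writable by others
    awk -v ob="$ob" -v new="$new" '
        {
            hit = 0
            for (i = 2; i <= NF; i++) if ($i == ob) hit = 1
            if (!hit) { print; next }
            # Keep any options (from=, command=, ...) that restricted the old key.
            head = substr($0, 1, index($0, ob) - 1)
            sub(/[^ \t]+[ \t]+$/, "", head)      # drop the old key-type token
            print head new
        }' "$file" > "$tmp" && mv "$tmp" "$file" || { rm -f "$tmp"; return 2; }
}

# Constructed sample: placeholder blobs, not real keys.
demo() {
    local d
    d=$(mktemp -d) || return 2
    printf '%s\n' \
        'from="192.0.2.10",no-agent-forwarding ssh-ed25519 AAAAC3OLDKEYBLOB svc@old' \
        'ssh-ed25519 AAAAC3OTHERKEYBLOB admin@jump' > "$d/authorized_keys"
    rotate_key "$d/authorized_keys" 'ssh-ed25519 AAAAC3OLDKEYBLOB svc@old' \
        'ssh-ed25519 AAAAC3NEWKEYBLOB svc@new' || return $?
    cat "$d/authorized_keys"
    rm -rf "$d"
}

demo
```

Matching on the key blob instead of the whole line means a changed comment does not leave the old key in place, and keeping the option prefix means a from= or command= restriction is not silently dropped during rotation.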
Assigning a Password Changer to a Secret Template
After completing the RPC setup, you can manage the built-in secret templates. Each secret template is specific to an application and is preconfigured with the password changer best suited to that application. For Unix Account (SSH) accounts, we want the Unix Account (SSH) template.
You can view and modify secret templates in the Secret Server administration panel. See Creating or Editing Secret Templates for more on the available options. Ensure that the secret template is in active status. See Activating and Deactivating Templates for details.
To navigate to a Unix Account (SSH) secret template:
- Go to Administration > Secret Server. The Secrets Administration page is displayed.
- In the Core Actions section, click Secret Templates. The list of available templates is displayed.
- Select a Unix Account (SSH) secret template and then click the Mapping tab.
You can check which secret template corresponds to the selected RPC. For example, a Unix Account Custom (SSH) RPC refers to the Unix Account (SSH) secret template. It is possible to assign several password changers to one secret template. For more information, see Assigning a Password Changer to a Secret Template.
Secret templates determine the fields, launchers, and the remote password changer for secrets. To use the Unix Account (SSH) template on a secret, see Managing Secrets.