Service Account Key Operations

SSH service account keys are acquired by administrators for use with applications and other non-end-user purposes. On the Service Account Keys page, an administrator can view and download existing keys issued for service accounts and generate new key pairs.

Example:  An administrator wants to generate a new SSH key pair for the green chicken application, which is a Linux-based log aggregation application. The application uses secure SSH to communicate internally between the server collecting the logs and the servers from which the logs are being collected. All the servers are controlled by the Keyfactor Bash Orchestrator. The servers are set to both inventory and publish policy. To accomplish this, the administrator:
  1. Uses the Keyfactor Command Management Portal to create a new key pair (see Create a Service Account Key). She enters the following information in the form:

    Figure 347: Acquire a New Service Account Key

  2. Downloads the SSH private key on the server doing the log collection, from which the SSH connections will be made to collect logs.
  3. Uses the Management Portal to map the new public key for the full service account user name (svc_greenchicken@appsrvr75) to the Linux logons for the service on the servers from which the logs will be collected (see Edit Access to a Server Group).

    Figure 348: Map Service Account Public Key to Logon

    Note:  The servers that the logs will be collected from are organized into a server group so the administrator can create logons and map the service account key using the Access Management option on the Server Group page. If the servers were in different server groups or the server group contained servers which should not be updated with logons and keys for the green chicken service, the administrator would need to create the logons and mappings separately for each server using the Access Management option on the Servers page (see Edit Access to an SSH Server).
  4. Waits for the public key to be published to the servers. The time that this takes depends on the frequency of the server group synchronization schedule (see Add or Edit a Server Group).
  5. Confirms that the service is able to successfully connect using secured SSH.
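
To confirm step 4 before testing the connection in step 5, this added example (not Keyfactor code) checks whether a public key appears in a logon's authorized_keys content by comparing SHA256 fingerprints. The key material, the authorized_keys lines and the `from=` option are constructed, and using the service account name as the key comment is an assumption.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def fingerprint(blob_b64):
    """SHA256 fingerprint in the format printed by `ssh-keygen -lf`."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield (options, fingerprint, comment) for each valid key line."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # An options field may precede the key type; find the type token.
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            continue
        try:
            fp = fingerprint(fields[idx + 1])
        except ValueError:  # malformed base64 blob
            continue
        yield " ".join(fields[:idx]), fp, " ".join(fields[idx + 2:])

def published_entries(authorized_keys_text, public_key_line):
    """Return authorized_keys entries whose key matches the given public key."""
    wanted = next(parse_authorized_keys(public_key_line))[1]
    return [e for e in parse_authorized_keys(authorized_keys_text) if e[1] == wanted]

def constructed_ed25519(seed):
    """Build a syntactically valid ed25519 blob from fixed bytes (not a real key)."""
    raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return base64.b64encode(raw).decode()

# Constructed sample data; the comment mirrors the page's service account name.
SERVICE_KEY = "ssh-ed25519 %s svc_greenchicken@appsrvr75" % constructed_ed25519(1)
AUTHORIZED_KEYS = "\n".join([
    "# constructed authorized_keys content for the service logon",
    "ssh-ed25519 %s someone@example" % constructed_ed25519(2),
    'from="10.0.0.5" ' + SERVICE_KEY,
])

if __name__ == "__main__":
    for options, fp, comment in published_entries(AUTHORIZED_KEYS, SERVICE_KEY):
        print("published:", fp, comment, "options:", options or "(none)")
```

An empty result means the key has not yet reached that logon, which is expected until the next server group synchronization runs.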
Tip:  Click the help icon next to the Service Account Key Operations page title to open the Keyfactor Software & Documentation Portal to this section. You will receive a prompt indicating:

You are being redirected to an external website. Would you like to proceed?

You can also find the help icon at the top of the page next to the Log Out button. From here you can choose to open either the Keyfactor Software & Documentation Portal at the home page or the Keyfactor API Endpoint Utility.

Keyfactor provides two sets of documentation: the On-Premises Documentation Suite and the Managed Services Documentation Suite. Which documentation set is accessed is determined by the Application Settings: On-Prem Documentation setting (see Application Settings: Console Tab).