SSH Permissions

Permissions to use the SSH areas of Keyfactor Command are controlled with three security roles specific to this purpose:

  • Enterprise Admin
  • Server Admin
  • User

Most functions in the Management Portal are available to users with the Server Admin role for SSH. The Enterprise Admin role is used to grant administrators the permission to create server groups and change the owner of a server group (see SSH Server Groups). Apart from these two permissions, users with the Server Admin role and those with the Enterprise Admin role have the same level of access. Users with the User role (and neither of the SSH admin roles) can access only the My SSH Key page, where they can generate an SSH key pair for their own use.

Tip: Permissions for the SSH reports and the key rotation alerts (see Key Rotation Alerts) are covered by the standard reporting and workflow permission roles, not by the specialized SSH permission roles.

Table 19: SSH Permissions Table shows the access that users with each of these roles have to the SSH functions within the Management Portal.

| Action | SSH Enterprise Admin | SSH Server Admin | SSH User |
|---|---|---|---|
| User Key: Generate and Rotate (My SSH Key) | Yes | Yes | Yes |
| User Key: Download (My SSH Key) | Yes | Yes | Yes |
| Service Account Key: View and Search for Service Account Keys | Yes | Limited [1] | No |
| Service Account Key: Add | Yes | Limited [2] | No |
| Service Account Key: Edit | Yes | Limited [3] | No |
| Service Account Key: Delete | Yes | Limited [4] | No |
| Service Account Key: Download | Yes | Limited [5] | No |
| Unmanaged Keys: View and Search for Unmanaged Keys | Yes | Yes [6] | No |
| Unmanaged Keys: Delete | Yes | Yes [7] | No |
| Server Group: View and Search for Server Groups | Yes | Limited [8] | No |
| Server Group: Add | Yes | No | No |
| Server Group: Edit | Yes | Limited [9] | No |
| Server Group: Delete | Yes | No | No |
| Server Group: View Members of a Server Group | Yes | Limited [10] | No |
| Server Group: Edit Access (map an SSH key to a logon for a server group) | Yes | Limited [11] | No |
| Server: View and Search for Servers | Yes | Limited [12] | No |
| Server: Add | Yes [13] | Limited [14] | No |
| Server: Edit | Yes | Limited [15] | No |
| Server: Edit Access (map an SSH key to a logon on a server) | Yes | Limited [16] | No |
| Server: Delete | Yes | Limited [17] | No |
| Logon: View and Search for Logons | Yes | Limited [18] | No |
| Logon: Add | Yes | Limited [19] | No |
| Logon: Edit | Yes | Limited [20] | No |
| Logon: Edit Access (map an SSH key to a logon) | Yes | Limited [21] | No |
| Logon: Delete | Yes | Limited [22] | No |
| User: View and Search for Users | Yes | Limited [23] | No |
| User: Edit Access (map an SSH key to a logon) | Yes | Limited [24] | No |
| User: Delete | Yes | Limited [25] | No |

Table 19: SSH Permissions Table