Rotating a Key

The rotate key option is used to replace an existing key that is approaching the end of its life or has been compromised. If key rotation alerts have been configured in the environment (see Key Rotation Alerts), the user will receive an email when the key is approaching the end of its lifetime instructing him or her to rotate the key.

Warning:  A given user can only have one SSH key pair in Keyfactor Command. Generating a new key pair with the rotate option removes the existing key pair from Keyfactor Command. This means any mappings between the Keyfactor user and Linux logon accounts will be updated with the public key from the new key pair. This essentially invalidates the user's previous private key for servers managed with the Keyfactor Bash Orchestrator.

The rotate dialog defaults to all the existing settings of the user's current key. At its simplest, users may accept all the defaults, enter a passphrase to encrypt the downloaded private key, and click Save to generate the new key pair.

To rotate an SSH key pair:

  1. In the Management Portal, browse to SSH > My SSH Key.
  2. On the My SSH Key page, click Rotate.

    Figure 300: Rotate an SSH Key Pair

  3. In the Key Information section of the Rotate dialog, modify the existing Key Type in the dropdown, if desired (see Key Type).
  4. In the Key Information section, modify the existing Key Length in the dropdown, if desired (see Key Length). The available key lengths will vary depending upon the option selected in the Key Type dropdown.
  5. In the User Information section, confirm that the displayed Username matches the Active Directory user name you wish to associate with your key. This field defaults to your logged in username and cannot be edited.
  6. In the User Information section, modify the existing Email address, if desired. This address is used for key rotation alerts (see Key Rotation Alerts). This field is required.
  7. In the User Information section, enter a Passphrase to encrypt the downloaded copy of the private key of the key pair. You will need to provide this passphrase again when you use the private key to connect via SSH. By default, the minimum passphrase length is 12 characters (see the SSH Key Password setting in Application Settings: SSH Tab). This field is required.
  8. In the Key Comment section, modify the existing Comment to include with the key, if desired. This field is optional.
    Tip:  Although entry of an email address in the comment field of an SSH key is traditional, this is not a required format. The comment may contain any characters supported for string fields, including spaces and most punctuation marks.
  9. Click Save to create the new key pair.
Tip:  Once the key pair is generated, the user needs to download the private key as an encrypted file and store it locally, and an administrator needs to use Keyfactor Command to associate the user's Keyfactor user account with his or her Linux logon account on the target server that the user wishes to access via SSH. After this is complete and the orchestrator has published the user's public key to the target server, the user may connect via SSH to the target server using the new private key for authentication. For more information, see SSH.
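Because rotation invalidates the previous private key on managed servers, a practitioner will want to confirm on a target that the new public key has been published and the old one removed, and that the key type and length in the downloaded key match what was chosen in the Rotate dialog. The following script is an added example and not Keyfactor Command or Bash Orchestrator code. It uses only the Python standard library; every key, comment and authorized_keys line in it is constructed filler (the RSA modulus is a placeholder number, not real key material), and the function names `parse_public_key` and `check_rotation` are the example's own.

```python
"""Verify a rotated SSH key pair against a target's authorized_keys.

Added example, not Keyfactor Command or Bash Orchestrator code. Parses
OpenSSH public key lines with the standard library only, reports the key
type and size encoded in the blob, computes the SHA256 fingerprint in the
form ssh-keygen -l prints, and checks that the new key is published and the
previous key removed. All key material below is constructed filler.
"""
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-ed25519")


def _read_string(blob, pos):
    """Decode one RFC 4251 'string' (uint32 big-endian length + bytes)."""
    if len(blob) < pos + 4:
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[pos:pos + 4])
    pos += 4
    if len(blob) < pos + length:
        raise ValueError("truncated key blob")
    return blob[pos:pos + length], pos + length


def _write_string(data):
    return struct.pack(">I", len(data)) + data


def _write_mpint(n):
    """Encode a positive integer as an RFC 4251 mpint (leading 0x00 if MSB set)."""
    return _write_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def _strip_options(entry):
    """Drop leading authorized_keys options such as from="..." or no-pty."""
    for key_type in KEY_TYPES:
        idx = entry.find(key_type + " ")
        if idx == 0 or (idx > 0 and entry[idx - 1].isspace()):
            return entry[idx:]
    return entry


def parse_public_key(line):
    """Parse 'type base64 [comment]'; return type, bits, fingerprint, comment."""
    fields = _strip_options(line.strip()).split(None, 2)
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    key_type, comment = fields[0], (fields[2] if len(fields) == 3 else "")
    blob = base64.b64decode(fields[1], validate=True)
    inner_type, pos = _read_string(blob, 0)
    if inner_type != key_type.encode():
        raise ValueError("type field does not match the key blob")
    if key_type == "ssh-rsa":
        _exponent, pos = _read_string(blob, pos)
        modulus, pos = _read_string(blob, pos)
        bits = int.from_bytes(modulus, "big").bit_length()  # RSA key length
    elif key_type == "ssh-ed25519":
        point, pos = _read_string(blob, pos)
        if len(point) != 32:
            raise ValueError("malformed ed25519 public key")
        bits = 256
    else:
        raise ValueError("unsupported key type: " + key_type)
    if pos != len(blob):
        raise ValueError("trailing data in key blob")
    # Same digest ssh-keygen -l shows: SHA256 over the raw blob, unpadded base64.
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"type": key_type, "bits": bits, "fingerprint": fingerprint, "comment": comment}


def check_rotation(new_key_line, old_key_line, authorized_keys_text):
    """Return (new_published, old_removed) for one target's authorized_keys."""
    new_fp = parse_public_key(new_key_line)["fingerprint"]
    old_fp = parse_public_key(old_key_line)["fingerprint"]
    present = set()
    for raw in authorized_keys_text.splitlines():
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        try:
            present.add(parse_public_key(entry)["fingerprint"])
        except ValueError:
            continue  # other key types or malformed entries are not ours
    return new_fp in present, old_fp not in present


def _make_line(key_type, parts, comment):
    blob = _write_string(key_type.encode()) + b"".join(parts)
    return key_type + " " + base64.b64encode(blob).decode() + " " + comment


# Constructed sample keys: placeholder modulus and point bytes, NOT real keys.
OLD_KEY = _make_line("ssh-rsa", [_write_mpint(65537), _write_mpint((1 << 2047) | 1)], "jsmith@example.com")
NEW_KEY = _make_line("ssh-ed25519", [_write_string(bytes(range(32)))], "jsmith rotated key")
OTHER_KEY = _make_line("ssh-ed25519", [_write_string(bytes(range(32, 64)))], "svc-backup")

# Constructed authorized_keys on a host where the orchestrator published the rotation.
ROTATED_AUTHORIZED_KEYS = "# managed keys (constructed sample)\n" + 'from="10.0.0.0/8" ' + NEW_KEY + "\n" + OTHER_KEY + "\n"
# Constructed authorized_keys on a host the orchestrator has not updated yet.
STALE_AUTHORIZED_KEYS = OLD_KEY + "\n" + OTHER_KEY + "\n"

if __name__ == "__main__":
    for label, line in (("old", OLD_KEY), ("new", NEW_KEY)):
        info = parse_public_key(line)
        print(label, info["type"], info["bits"], info["fingerprint"], repr(info["comment"]))
    print("rotated host:", check_rotation(NEW_KEY, OLD_KEY, ROTATED_AUTHORIZED_KEYS))
    print("stale host:", check_rotation(NEW_KEY, OLD_KEY, STALE_AUTHORIZED_KEYS))
```

On a real host, read the user's new and old public key files and the target account's authorized_keys in place of the constructed strings. The fingerprint the script prints is the same one `ssh-keygen -l -f <key.pub>` reports, so the downloaded key can be checked against what the orchestrator published without installing anything on the target; a result of `(False, False)` on a host means the rotation has not been pushed there yet and the old private key still works.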