SSH Users Operations

On the Users tab of the Server Manager page you can view all the SSHClosed The SSH (secure shell) protocol provides for secure connections between computers. It provides several options for authentication, including public key, and protects the communications with strong encryption. users defined in Keyfactor Command. Both users and service accounts are included. See SSH for more information on the difference between users and service accounts. Active Directory groups may also be included if they have previously been used to create Linux logon to Keyfactor user mappings (see Edit Access to an SSH Server). Groups appear without associated keys (since keys are associated with the member users, not the groups). Users may appear here without associated keys if the user account has been used to grant ownership on a server group but the user has not requested an SSH key pairClosed In asymmetric cryptography, public keys are used together in a key pair with a private key. The private key is retained by the key's creator while the public key is widely distributed to any user or target needing to interact with the holder of the private key..

On this tab you can see the keys associated with each user and create mappings between the users and Linux logons in order to allow the orchestratorClosed Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores. to publish new SSH keys for those users to the SSH servers associated with the selected Linux logons (see SSH).

Figure 362: SSH Users Grid

On the Details tab of the Edit User dialog, you can view details about the user and associated key. On the Access Management tab of the Edit User dialog, you can map Keyfactor user accounts to Linux logon account to cause the SSH keys in Keyfactor Command associated with those Keyfactor users to be published to the authorized_keys file of the Linux user (see SSH).

Tip:  For keys created through the My SSH Key portal (see My SSH Key Operations), a Keyfactor user is an Active Directory user account. For keys created through the Service Account Keys page (see Service Account Key Operations), a Keyfactor user is a user-generated service account name of the form servicename@hostnameClosed The unique identifier that serves as name of a computer. It is sometimes presented as a fully qualified domain name (e.g. servername.keyexample.com) and sometimes just as a short name (e.g. servername)..

To map an Keyfactor user to a Linux logon:

  1. In the Management Portal, browse to SSH > Server Manager.
  2. On the Server Manager page, select the Users tab.
  3. In the Users grid locate the user whose key you wish to publish to one or more Linux logons.
  4. Double-click the user, right-click the user and choose Edit Access from the right-click menu, or highlight the row in the users grid and click Edit Access at the top of the grid.

  5. On the Access Management tab in the Login Access dropdown, select a logon to associate the user or service account with. A logon will appear more than once if it exists on more than one server. Be sure to select the logon on the correct server. Click Add.

    Figure 363: Edit Access for a Keyfactor User

  6. Click Save to save the access management settings.
Tip:  Only the mappings of Keyfactor users to Linux logons on the Access Management tab are editable in an existing user record. Nothing on the Details tab of the Edit Users dialog is editable.

To delete a user, highlight the row in the users grid and click Delete at the top of the grid or right-click the user in the grid and choose Delete from the right-click menu.