Unix Account (SSH) Secret Template for RPC
Overview
This document briefly discusses using Verify Privilege Vault Remote Password Changing (RPC) for Unix Account (SSH) accounts. With Remote Password Changing (RPC), secrets can automatically change remote account passwords when a secret expires, either immediately or on a defined schedule. In addition, the strength and other qualities of the new passwords are completely configurable. See the Password Changer List for a complete list of available password changers.
With this feature, admins can use private SSH keys for PuTTY launcher sessions, RPC tasks (configurable through password changer settings), and Unix and Linux discovery. For additional security, private keys can be protected with a passphrase; where necessary, the passphrase can be stored so that the private key can be decrypted. The Unix Account (SSH) secret template includes text-entry fields for the private key and passphrase by default.
The SSH Key template is included by default and can be used to store SSH keys that can later be selected for RPC, discovery, or launcher authentication for other secrets.
The Unix Account (SSH) secret template uses password changers that change the public key in the account's authorized_keys file and the account password. Verify Privilege Vault ships with a password changer and custom command sets that allow an account to change its public key and password, as well as a password changer and custom command sets that change a user's public key and password using a privileged account. These scripts can be customized for different Unix environments.
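What a public-key change in authorized_keys involves on the target host, as an added shell example; it is not the command set that ships with Verify Privilege Vault. The function names, return codes and sample keys are assumptions made for illustration, and the function is assumed to run as the account that owns the file.

```shell
#!/bin/sh
# Added example, not the vendor's command set. Rewrites the authorized_keys
# entry whose key blob matches OLD_PUB with the key in NEW_PUB, keeping any
# leading options (from=, command=, ...). Assumes it runs as the file's owner.
# Returns 0 on success, 1 if the old key is absent (file untouched), 2 on error.
rotate_authorized_key() {
    file=$1; old_pub=$2; new_pub=$3; rc=0
    OLD_BLOB=$(awk 'NR == 1 { print $2 }' "$old_pub") || return 2
    NEW_KEY=$(sed -n '1p' "$new_pub") || return 2
    [ -n "$OLD_BLOB" ] && [ -n "$NEW_KEY" ] || return 2
    tmp=$(mktemp "$file.XXXXXX") || return 2
    chmod 600 "$tmp"    # keep the keys file private to its owner
    OLD_BLOB=$OLD_BLOB NEW_KEY=$NEW_KEY awk '
        /^[ \t]*#/ { print; next }        # leave comment lines alone
        {
            hit = 0
            for (i = 2; i <= NF; i++) if ($i == ENVIRON["OLD_BLOB"]) hit = 1
        }
        hit && done { next }              # drop duplicate copies of the old key
        hit {
            head = substr($0, 1, index($0, ENVIRON["OLD_BLOB"]) - 1)
            sub(/[^ \t]+[ \t]+$/, "", head)   # strip old key type, keep options
            print head ENVIRON["NEW_KEY"]
            done = 1
            next
        }
        { print }
        END { exit(done ? 0 : 1) }
    ' "$file" > "$tmp" || rc=$?
    if [ "$rc" -ne 0 ]; then rm -f "$tmp"; return "$rc"; fi
    mv "$tmp" "$file"   # atomic replace: sshd never sees a half-written file
}

# Constructed sample data: placeholder blobs, not real keys.
demo_rotation() {
    d=$(mktemp -d) || return 2
    echo 'ssh-ed25519 AAAAC3OLDconstructedBLOB0000 svc@old' > "$d/old.pub"
    echo 'ssh-ed25519 AAAAC3NEWconstructedBLOB1111 svc@new' > "$d/new.pub"
    printf '%s\n' 'ssh-rsa AAAAB3OTHERconstructedBLOB2222 admin@host' \
        'from="10.0.0.5" ssh-ed25519 AAAAC3OLDconstructedBLOB0000 svc@old' \
        > "$d/authorized_keys"
    rotate_authorized_key "$d/authorized_keys" "$d/old.pub" "$d/new.pub" \
        && cat "$d/authorized_keys"
    rc=$?; rm -rf "$d"; return "$rc"
}
```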
Assigning a Password Changer to a Secret Template
After completing the RPC setup, you can manage built-in secret templates. Each secret template is application-specific and is preconfigured with the password changer best suited to that application. For this example you will use the Unix Account (SSH) template.
You can view and modify secret templates in the Verify Privilege Vault by searching for "secret templates". See Creating or Editing Secret Templates for more on the available options. Ensure that the secret template is in active status. See Activating and Deactivating Templates for details.
To navigate to a Unix Account (SSH) secret template:
- Search for Secret Templates and select it. The list of available templates is displayed.
- Select the Unix Account (SSH) secret template.
- Access the Mapping tab.
Secret templates determine the fields, launchers, and the remote password changer for secrets using that template. To use the Unix Account (SSH) template on a secret, see Managing Secrets. It is possible to assign several password changers to one secret template. For more information, see Assigning a Password Changer to a Secret Template.