Creating an SSH Secret
This topic details the information you need to create and configure SSH secrets.
Prerequisites
Public and Private SSH Key Pair available
Remote server:
- The User is created on the server
  Note: This user is different from the Vault User
- The Public Key is copied to the server, in the User's .ssh/authorized_keys file. You can copy the public key using the command ssh-copy-id. This allows the user to log on to the server without a password.
- Ensure the User can log on to the remote server using their private SSH key
KeyControl:
- A copy of the private SSH key is required when configuring the SSH secret
- The user name on the remote server
- The remote server IP address
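A pre-upload check for the prerequisites above, as an added example that is not part of the KeyControl documentation: it reads only the header of an OpenSSH-format private key file to confirm that its public half is the one in the server's authorized_keys entry, and to report whether the file is passphrase-protected (cipher other than "none"). The function names and the sample key are constructed for illustration; the only assumption is the standard openssh-key-v1 file layout.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"
BEGIN, END = "-----BEGIN OPENSSH PRIVATE KEY-----", "-----END OPENSSH PRIVATE KEY-----"

def _string(buf, off):
    """Read one SSH wire string (uint32 big-endian length, then bytes)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key data")
    return buf[off + 4:off + 4 + n], off + 4 + n

def inspect_private_key(pem):
    """Return (cipher_name, public_blob) without touching the private part."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an OpenSSH-format private key")
    raw = base64.b64decode("".join(lines[1:-1]))
    if not raw.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    cipher, off = _string(raw, len(MAGIC))
    _kdf, off = _string(raw, off)
    _kdfopts, off = _string(raw, off)
    (nkeys,) = struct.unpack_from(">I", raw, off)
    if nkeys != 1:
        raise ValueError("expected exactly one key")
    public_blob, _ = _string(raw, off + 4)
    return cipher.decode("ascii"), public_blob

def matches_authorized_key(pem, authorized_line):
    """True if an authorized_keys entry carries this private key's public half."""
    _, public_blob = inspect_private_key(pem)
    for field in authorized_line.split():
        try:  # options, key type and comment never decode to the public blob
            if base64.b64decode(field, validate=True) == public_blob:
                return True
        except ValueError:
            continue
    return False

def constructed_sample(cipher=b"none"):
    """Constructed container with a dummy all-zero public key (not a usable key)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    pub = s(b"ssh-ed25519") + s(bytes(32))
    raw = MAGIC + s(cipher) + s(b"none") + s(b"") + struct.pack(">I", 1) + s(pub) + s(b"")
    pem = "\n".join([BEGIN, base64.b64encode(raw).decode(), END])
    return pem, "ssh-ed25519 " + base64.b64encode(pub).decode() + " user@constructed"
```

Run it against the key file you intend to upload and the matching line from the User's .ssh/authorized_keys; a mismatch means the secret would not authenticate that user.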
Overview of what you need to do on KeyControl Vault
- Add a box to store the SSH secrets
- Add the SSH private key to the box. This is the private key whose public key was copied to the remote server
- Add the user. The user name must match the user name used to log on to the remote server
- Add the user to the policy so they can access the KeyControl PASM Vault and box
Adding an SSH key secret
To create an SSH key secret, follow the procedure in Creating a Secret and select the key type SSH key.
Specify the SSH key secret details, including the remote server IP and the user name, and upload the SSH private key.
After you have configured the SSH key secret, users can log on to the remote server using their SSH key secret. See Logging on to remote server using SSH Secret.