Taking actions on an SSH keyset
When you are working with SSH keys and keysets, you will sometimes need to perform some action on the key or keyset. In Trust Protection Platform, you manage keys and keysets in SSH Protect.
There are several actions you can take from the keyset details page, including:
Main keyset details page buttons:
- Move - You can move this keyset from its current folder (and associated policy settings) into a different folder (with its policy settings) in Aperture. For more information, see Moving SSH keys.
- Rollback - If you have rotated a keyset, Trust Protection Platform keeps a history of former key values. If a rotation is unsuccessful or for another reason needs to be rolled back to a previous state, you can click the Rollback option.
- Rotate a keyset - As a matter of policy, it is a good idea to periodically rotate private and authorized keys to protect against unauthorized use of keys to access your protected systems. Trust Protection Platform provides the ability to rotate all types of keysets, replacing the private keys, and removing old public keys from the access lists. For more information, see Rotating SSH keys.
Actions on the Private Keys tab
- Generate Report - On either the Authorized keys list or the Private keys list, you can use the Generate Report button to create a custom report for that key's data. Custom report data can be exported, for example, to business analytics tools for further analysis and tracking.
- Add a new key - You can easily add a new key to a keyset in Trust Protection Platform. For more information see Adding a public or private key to a keyset.
- Delete a key - When you need to remove a key from a keyset, you can select the box next to the key you want to delete, then click Delete. For more information see Removing SSH keys.
- Mark As - Allows you to manually review keysets as being OK, or as needing action. Select the box next to the key you want to review, then click Mark As, and select an option.
  If you mark as OK, that data is shown below the key in the Risks column with the date and username of the person who reviewed it.
  If you mark as Needs Action, select a reason from the list, and assign a user to take the action. This information is shown in the Risks column with the date and the username of the person who reviewed it.
- Retry - If one or more of the selected keys is in an errored state, you can click the Retry button to re-attempt the action.
- Cancel - If one or more of the selected keysets is being provisioned, you can click Cancel to stop provisioning.
- Set Passphrase - For private keys, you can specify a new passphrase for the private key. Enter the new passphrase, then click the Set Passphrase button again. The key will automatically begin provisioning with the new passphrase.
- Download - Click to download the private key. Select the options in the dialog, then click the Download button again, then save the file to your local machine.
Actions on the Authorized Keys / Known Host Keys tab
- Generate Report - On either the Authorized keys list or the Private keys list, you can use the Generate Report button to create a custom report for that key's data. Custom report data can be exported, for example, to business analytics tools for further analysis and tracking.
- Add a new key - You can easily add a new key to a keyset in Trust Protection Platform. For more information see Adding a public or private key to a keyset.
- Delete a key - When you need to remove a key from a keyset, you can quickly delete it in Aperture. For more information see Removing SSH keys.
- Mark As - Allows you to manually review keysets as being OK, or as needing action. Select the box next to the key you want to review, then click Mark As, and select an option.
  If you mark as OK, that data is shown below the key in the Risks column with the date and username of the person who reviewed it.
  If you mark as Needs Action, select a reason from the list, and assign a user to take the action. This information is shown in the Risks column with the date and the username of the person who reviewed it.
- Retry - If one or more of the selected keys is in an errored state, you can click the Retry button to re-attempt the action.
- Cancel - If one or more of the selected keysets is being provisioned, you can click Cancel to stop provisioning.
- Edit key options - You can edit an authorized key to modify the options, or to accept or deny connections from certain hosts, or to modify the forced command for the key. For more information see Editing Known Host key options.
Actions on the Permissions tab (only visible if the keyset is in a policy folder)
- Add Identity - Allows you to specify a user and give them specific permissions for this keyset that override their normal permissions for the keyset.
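The Edit key options action described above changes the options that precede a public key in an authorized_keys entry. The following is an added example, not part of the product documentation and not using any Trust Protection Platform API; it assumes those options are the standard OpenSSH ones (from= for allowed source hosts, command= for a forced command) and parses constructed sample entries to show which restrictions each key carries.

```python
# Added example: audit the options field of OpenSSH authorized_keys entries.
KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")  # key-type prefixes

def split_options(line):
    """Return (options_text, remainder); options end at the first unquoted space."""
    line = line.strip()
    if line.startswith(KEY_TYPES):
        return "", line                      # entry has no options field
    in_quotes, i = False, 0
    while i < len(line):
        if in_quotes and line[i:i + 2] == '\\"':
            i += 2                           # escaped quote inside a value
            continue
        if line[i] == '"':
            in_quotes = not in_quotes
        elif line[i] in " \t" and not in_quotes:
            return line[:i], line[i:].strip()
        i += 1
    raise ValueError("no key found after options field")

def parse_options(text):
    """Split on unquoted commas; flags map to True, name="value" to the value."""
    opts, buf, in_quotes, i = {}, [], False, 0
    while i <= len(text):
        ch = text[i] if i < len(text) else ","   # sentinel flushes the last item
        if in_quotes and text[i:i + 2] == '\\"':
            buf.append('"')
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "," and not in_quotes:
            name, sep, value = "".join(buf).partition("=")
            if name:
                opts[name.lower()] = value if sep else True
            buf = []
        else:
            buf.append(ch)
        i += 1
    return opts

def review(line):
    """Return (options, findings) for one authorized_keys entry."""
    opts = parse_options(split_options(line)[0])
    checks = (("from", "no from= source restriction"), ("command", "no forced command"))
    return opts, [msg for name, msg in checks if name not in opts]

SAMPLE = [  # constructed entries; key material is placeholder text
    'from="10.0.0.0/8,*.example.com",command="/usr/local/bin/backup --mode \\"full\\"",no-pty ssh-ed25519 AAAAconstructed backup@example',
    'ssh-rsa AAAAconstructed admin@example',
]
```

Calling review() on each line of an exported authorized_keys file lists the entries that have no source-host restriction or forced command.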