Client and root access orphans

Before simply removing orphaned keys, you should first identify why the keys are orphaned. For example, a non-root account orphan could have a legitimate private key that simply could not be discovered by Trust Protection Platform. This can happen when a key is on a server that has no agent installed, or it could be on a client that is external to your network.

[Figure: Orphaned public key because Bob's private key is missing]

Orphans are typically resolved in the following ways:

  • Remove the Orphan: If you cannot verify the owner to establish trust, you should remove the orphaned key.
  • Add Self-Service Key: If you trust the owner of the private key and have a legitimate email address for that owner, use this option. Creating a manual key (also called a self-service key) moves the keyset from the orphans list to the trusted keysets list.

    For more information, see Mapping to a self-service key.

  • Locate SSH devices and scan for keys: By setting up Client Group Settings and group rules, you can scan and locate keys on devices where the Server Agent is installed. This is the preferred method for discovering keys and certificates.

    For more information, see Setting up SSH remediation work.

  • Monitor orphans on the SSH Dashboard: Add the Critical Alerts widget and review Root Access Orphans and Client Access Orphans. Also, use the Trends widget and select Orphans to track orphan activity over time.

    For more information, see SSH critical alerts widget and SSH trends widget.
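To make the distinction between the two orphan categories concrete, here is an added example (not Trust Protection Platform code) that reproduces the orphan logic offline: it parses authorized_keys entries, computes OpenSSH-style SHA256 fingerprints, and flags any key whose private half is absent from an inventory of keys found by discovery, split into root access and client access orphans as the dashboard does. The key material, host names and inventory are constructed for the example, not real keys.

```python
import base64
import hashlib
import struct

def _wire(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def ed25519_blob(raw_pub: bytes) -> str:
    """Base64 key blob as it appears in authorized_keys (constructed, not a real key)."""
    return base64.b64encode(_wire(b"ssh-ed25519") + _wire(raw_pub)).decode()

def fingerprint(b64_blob: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 key blob (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")

def parse_authorized_keys(host: str, account: str, text: str) -> list:
    """Return (host, account, fingerprint, comment) for each key granting access."""
    entries = []
    for line in text.splitlines():
        fields = line.strip().split()
        if not fields or fields[0].startswith("#"):
            continue
        # The key type may be preceded by an options field, e.g. no-pty,from="10.0.0.0/8".
        for i, field in enumerate(fields):
            if field.startswith(KEY_TYPE_PREFIXES) and i + 1 < len(fields):
                comment = " ".join(fields[i + 2:])
                entries.append((host, account, fingerprint(fields[i + 1]), comment))
                break
    return entries

def find_orphans(entries, discovered_private_fps, root_accounts=("root",)):
    """Split keys with no discovered private key into root access and client access orphans."""
    root_orphans, client_orphans = [], []
    for entry in entries:
        if entry[2] in discovered_private_fps:
            continue  # private key was located by a scan: trusted, not an orphan
        (root_orphans if entry[1] in root_accounts else client_orphans).append(entry)
    return root_orphans, client_orphans

# Constructed sample: three public keys; only KEY_A's private key was found by an agent.
KEY_A, KEY_B, KEY_C = (ed25519_blob(bytes([n]) * 32) for n in (1, 2, 3))
SAMPLE_ENTRIES = (
    parse_authorized_keys("web01", "root", f"ssh-ed25519 {KEY_A} alice@ops\n"
                          f'no-pty,from="10.0.0.0/8" ssh-ed25519 {KEY_B} deploy-2019\n')
    + parse_authorized_keys("web01", "bob", f"# personal key\nssh-ed25519 {KEY_C} bob@laptop\n")
)
DISCOVERED_PRIVATE_FPS = {fingerprint(KEY_A)}

def demo():
    return find_orphans(SAMPLE_ENTRIES, DISCOVERED_PRIVATE_FPS)
```

Running `demo()` reports the `deploy-2019` key as a root access orphan and `bob@laptop` as a client access orphan, while `alice@ops` stays trusted because its private key was discovered.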
