Parent class—Ssh Device Base

Manages Secure Shell (SSH) attributes as an internal parent class.

  • Class Name: Ssh Device Base
  • Inheritance: None

SSH Driver Base attributes

Attribute

Description

Algorithm

UI: Algorithm
Required: No

Policy Definable: Yes. Default: NA

The algorithm for the key:

  • DSA or ssh-dss
  • ECDSA: All ECDSA key sets with key length P256, P384, and P521.
  • ED25519: For OpenSSH and PuTTY.
  • RSA1 or ssh-rsa1
  • Unknown

Allow Duplicate Private Keys

UI: Allow Duplicate Private
Required: No

Policy Definable: Yes. Default: NA

A setting to manage duplicate private keys during key rotation:

  • 0: Mark duplicate private key as non-compliant and generate a violation that requires user intervention.
  • 1: Allow duplicate private keys.

Allow From

UI: Allow From
Required: No

Policy Definable: Yes. Default: NA

A list of host names or IP addresses that can access the device. For use with authorized keys.

Allow Multiple Authorized Keys

For internal use.

Allow Root Access

UI: Allow Root Access
Required: No

Policy Definable: Yes. Default: 0

Allow the SSH Discovery process root access to the device:

  • 0: Block root access.
  • 1: Allow root access.

Allow Shared Server Accounts

UI: NA
Required: No

Policy Definable: No. Default: 0

The way to manage server accounts:

  • 0: Block shared server accounts.
  • 1: Allow shared server accounts.

Allow Ssh1

UI: Allow Ssh1
Required: No

Policy Definable: Yes. Default: 0

The version of Secure Shell:

  • 0: Allow any version of SecureShell.
  • 1: Allow SecureShell Version 1.

Allow Unencrypted Private Keys

UI: NA
Required: No

Policy Definable: No. Default: NA

The setting to manage encryption for private keys:

  • 0: Require encrypted private keys.
  • 1: Allow unencrypted private keys.

Allowed Algorithm

UI: Allowed Algorithm
Required: No

Policy Definable: Yes. Default: NA

The algorithm for the key:

  • DSA or ssh-dss
  • ECDSA: All ECDSA key sets with key length P256, P384, and P521.
  • ED25519: For OpenSSH and PuTTY.
  • RSA1 or ssh-rsa1
  • Unknown

Allowed Command

UI: Command
Required: No

Policy Definable: Yes. Default: NA

A list of device login options:

  • no-port-forwarding = Forbid TCP forwarding when the key is used for authentication.
  • no-X11-forwarding = Forbid X11 forwarding when the key is used for authentication.
  • no-pty = Forbid pseudo-terminal (pty) allocation.

Allowed Vendor Types

UI: Vendor Types
Required: No

Policy Definable: Yes. Default: OpenSSH

One or more of the following SSH vendors:

  • OpenSSH: Allow secure network communications via the encryption of network traffic over multiple authentication methods and by providing secure tunneling capabilities.
  • PuTTY: Allow encrypted connection to a remote computer.
  • Tectia: Allow encrypted connection to a remote computer and use a secure file transfer program to move files to a remote server.

Automatic Rotation Cleanup Wait

UI: NA
Required: No

Policy Definable: No. Default: NA

Not currently in use.

Automatic Rotation Enabled

UI: Automatic Rotation Enabled
Required: No

Policy Definable: Yes. Default: 0

The setting to manage old keys:

  • 0 = When the key expires, allow the administrator to manually rotate the key.
  • 1 = When the key expires, automatically rotate the key.

Automatic Rotation Interval

UI: Automatic Rotation Interval
Required: No

Policy Definable: Yes. Default: NA

The number of days between device key rotations.

Automatic Rotation Lead Time

UI: Automatic Rotation Lead Time
Required: No

Policy Definable: Yes. Default: NA

The number of days, prior to expiration, to receive notification of the expiring key.

Deny From

UI: Deny From
Required: No

Policy Definable: Yes. Default: NA

A list of host names and IP addresses that cannot access this device. For use with authorized keys.

Environment

UI: Environment
Required: No

Policy Definable: Yes. Default: NA

The description of the host environment.

Host Trusts

UI: NA
Required: No

Policy Definable: No. Default: NA

The number of host keys on all devices from the keyset.

Key Bit Strength

UI: Key Bit Strength
Required: No

Policy Definable: No. Default: NA

The total number of bytes of the key pair.

Known Hosts

UI: Known Hosts
Required: No

Policy Definable: No. Default: NA

The number of keys in known_hosts files on the device.

Management Type

UI: Management Type
Required: No

Policy Definable: Yes. Default: 0

The manner in which keys are managed:

  • 0 = Detect or scan the customer's devices for SSH keys and download them to Trust Protection Platform.
  • 1 = Remediate. Discover and download keys from the customer's devices. If the key changed or it is deleted on the remote devices, Trust Protection Platform restores the original key. Allow the administrator to add, edit, or delete SSH keys directly in the UI. Allow manual key rotation.

Maximum Key Age

UI: Maximum Key Age
Required: No

Policy Definable: Yes. Default: 0

The maximum number of days a key remains valid.

Minimum KeyBit Strength

UI: Minimum KeyBit Strength
Required: No

Policy Definable: No. Default: 0

The minimum number of bytes for the key pair.

Required Options

UI: Required Options
Required: Yes

Policy Definable: No. Default: NA

A list of login options for use with authorized keys.
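As an added example (not from the product documentation), a Python check that evaluates one authorized_keys line against the attributes described above: Allowed Algorithm, Required Options (the no-port-forwarding, no-X11-forwarding and no-pty options listed under Allowed Command), Deny From, and Minimum KeyBit Strength. The policy values, the function names (make_rsa_blob, key_bits, check_authorized_key) and the test keys are assumptions constructed for the example.

```python
import base64
import re
import struct

POLICY = {  # policy values for this example, named after the page's attributes (constructed)
    "Allowed Algorithm": {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
                          "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"},
    "Required Options": {"no-port-forwarding", "no-X11-forwarding", "no-pty"},
    "Deny From": {"10.0.0.5"},
    "Minimum KeyBit Strength": 2048,
}

def make_rsa_blob(e: int, n: int) -> str:
    """Base64 ssh-rsa public key blob from e and n (a constructed test key, not a real one)."""
    s = lambda b: struct.pack(">I", len(b)) + b                         # RFC 4251 string
    mpint = lambda v: s(v.to_bytes((v.bit_length() + 8) // 8, "big"))  # RFC 4251 mpint
    return base64.b64encode(s(b"ssh-rsa") + mpint(e) + mpint(n)).decode()

def key_bits(keytype: str, blob_b64: str) -> int:
    """Key Bit Strength: curve size for ECDSA, modulus bits for RSA, 256 for Ed25519."""
    if keytype not in ("ssh-rsa", "ssh-ed25519"):  # ECDSA size is in the name; others not parsed
        return int(keytype[16:]) if keytype.startswith("ecdsa-sha2-nistp") else 0
    raw, fields, i = base64.b64decode(blob_b64), [], 0
    while i < len(raw):               # the blob is a sequence of RFC 4251 strings
        (ln,) = struct.unpack(">I", raw[i:i + 4])
        fields.append(raw[i + 4:i + 4 + ln])
        i += 4 + ln
    if keytype == "ssh-rsa":          # fields: "ssh-rsa", e, n
        return int.from_bytes(fields[2], "big").bit_length()
    return len(fields[1]) * 8         # Ed25519: 32-byte public key

def check_authorized_key(line: str) -> list[str]:
    """Return the policy violations for one authorized_keys line; an empty list means compliant."""
    parts, opts, found = line.split(None, 3), [], []
    if not parts[0].startswith(("ssh-", "ecdsa-")):        # options precede the key type
        opts = re.findall(r'(?:[^,"]|"[^"]*")+', parts[0])   # split on commas outside quotes
        parts = parts[1:]
    keytype, blob = parts[0], parts[1]
    if keytype not in POLICY["Allowed Algorithm"]:
        found.append(f"algorithm {keytype} not in Allowed Algorithm")
    found += [f"missing required option {o}" for o in sorted(POLICY["Required Options"] - set(opts))]
    for opt in opts:
        if opt.startswith('from="'):  # from="host1,host2" is the field Allow From / Deny From govern
            found += [f"from host {h} is in Deny From" for h in opt[6:-1].split(",")
                      if h in POLICY["Deny From"]]
    bits = key_bits(keytype, blob)
    if bits < POLICY["Minimum KeyBit Strength"]:
        found.append(f"key bit strength {bits} below minimum {POLICY['Minimum KeyBit Strength']}")
    return found
```

A compliant line returns an empty list; each violation names the attribute it breaks, so the result maps directly onto the policy settings above.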

Root Server Access

UI: Root Server Access
Required: No

Policy Definable: No. Default: NA

The number of user root keys on all devices from the keyset.

Server Access

UI: NA
Required: No

Policy Definable: No. Default: NA

The number of user keys on all devices from the keyset.

Ssh Device Status

UI: NA
Required: No

Policy Definable: No. Default: NA

The current status of the device. For more information, see SSH Discovery and stage codes.

Ssh Device Type

UI: NA
Required: No

Policy Definable: No. Default: NA

The entity type:

  • Client: A standalone computer.
  • Server: A system that services one or more clients or other servers.
  • ClientServer: A client computer with connectivity to a server.

Trusted Root Users

UI: NA
Required: No

Policy Definable: No. Default: NA

The number of root user keys on the device.

Trusted Users

UI: NA
Required: No

Policy Definable: No. Default: NA

The number of user authorized keys on the device.

Update Cache

UI: NA
Required: No

Policy Definable: No. Default: NA

The setting to refresh the Trust cache:

  • 0: Do not refresh.
  • 1: Refresh the Trust cache.