Configuring SSH Manager for Machines to issue SSH certificates

The initial configuration of SSH Manager for Machines to allow it to function as an SSH certificate authority (SSH CA) is typically done by a CyberArk Trust Protection Foundation - Self-Hosted system administrator. If you want to use SSH certificates in your environment and these features aren't available to you, contact your system administrator, who can configure the system to support this feature.

The CyberArk Trust Protection Foundation - Self-Hosted system administrator needs to do the following:

  • Enable the necessary components in CyberArk Configuration Console

  • Create at least one new SSH certificate issuance template

  • Configure your OpenSSH servers to trust your SSH CA

This topic will help you with the first step: enabling the necessary components to make SSH certificates available. The other necessary steps are detailed in subsequent topics.

To enable the necessary components in CyberArk Configuration Console

  1. Connect to the CyberArk Trust Protection Foundation - Self-Hosted server using a remote desktop connection.

    TIP  You need to do this on only the Trust Protection Foundation server(s) that you intend to use for issuing SSH certificates. For example, if you have a dedicated log server or a dedicated discovery server, you do not need to enable the SSH certificate components on those servers.

  2. Launch the CyberArk Configuration Console (VCC).

  3. Click the Product node in the left panel.

  4. [Optional] In the Group by drop-down, select Product.

  5. Review the following components to make sure they are enabled.

    • SSH Key Detection and Remediation

    • SSH Certificate Lifecycle and Monitoring

  6. If either component was not enabled, click on the disabled component, then in the Actions panel, click Enable.

What's next?

Now that you have at least one CyberArk Trust Protection Foundation - Self-Hosted server that can issue SSH certificates, you need to configure SSH Manager for Machines with one or more SSH certificate issuance templates.