Working with SSH key folders
If you plan to configure and use SSH discovery and remediation, you should configure the SSH policy before installing and configuring the Server Agent.
The SSH policy folder organizes the SSH infrastructure in your environment. Based on the group rules that you configure in SSH Protect, you can define multiple folders under the parent policy to identify locations and similar groupings. When SSH keys are discovered, they are managed in these folders under SSH Keysets.
SSH folders work much like certificate folders. You can lock or suggest settings at the root policy, and then let other administrators determine subordinate policy settings for their location or group.
BEST PRACTICE: It's a good idea to set up your SSH system in this order:
- Create or modify SSH folders.
- Create Client Group Settings in SSH Protect and specify group rules (which determine what devices are to be included within each group).
- Configure agent work and SSH Discovery work for each set of Client Group Settings.
- Deploy the agent to devices in your network.
After the agent performs its first discovery of SSH keys, use SSH Protect's dashboard and SSH remediation features to track and fix SSH violations. See How Trust Protection Platform secures your SSH environment.
When the Server Agent checks in with Trust Protection Platform to report its discovery results, Trust Protection Platform creates device, keyset, key instance, and key location objects in the appropriate policy.