Setting up SSH remediation work

When you set up SSH remediation work, you are telling Trust Protection Platform how often it should look for SSH remediation work to be done (e.g. key operations, including add, remove, edit, and rotate).

Venafi SSH Protect allows you to schedule how frequently the keys are checked. A more frequent check-in interval provides higher data integrity, but consumes more resources.

The Key Usage Schedule allows you to configure how often, and when, resources are used for validating SSH keys.

Venafi Platform validates SSH keys by sending work to the configured Server Agents, based on the schedule you configure.

To set up SSH remediation work

  1. From the SSH Protect menu, click Clients > Work Settings.
  2. (Conditional) If you have not yet created discovery work, click Add Work.

    For more information, see Creating new work and About Work Types.

  3. On the Work page, click the work you want to configure to open it.
  4. Under SSH Remediation, set SSH Remediation Enabled? to Yes.
  5. Under Schedule, in the Remediation Check-in Interval list, select how frequently (Daily, Weekly, Monthly, On Receipt, etc.) Trust Protection Platform should push work out to Server Agents.

    NOTE  Using Every minute is not recommended.

    1. Select the On Receipt option if you want the agent to execute SSH remediation the moment it receives the work object.
    2. When you select Hourly as the Remediation Check-in Interval, the Remediation Check-in Time field is hidden.
    3. (Conditional) If you chose Daily, in the Remediation Check-in Time field, select the hour of the day when you want SSH remediation to begin.

      TIP  Trust Protection Platform has no default setting for Remediation Check-in Time. The time specified here is the time that will be used. Without this option, all agents might check in at the same time, beginning at the hour you select from the Remediation Check-in Time list. Randomizing check-ins reduces the load on both your network and the Trust Protection Platform server.

    4. (Conditional) If you chose Weekly, do the following:

      1. In the Scan Days field, begin typing a day of the week (e.g. Monday, Tuesday, Wednesday, etc.) and then select the day that appears in the drop-down list.
      2. To add additional days of the week, repeat this step.
      3. In the Remediation Check-in Time field, select the hour of the day when you want SSH remediation to begin.
    5. (Conditional) If you chose Monthly, do the following:

      1. In the Scan Days field, begin typing a day of the month (e.g. 1, 2, 3, etc.) and then select the day that appears in the drop-down list.
      2. To add additional days of the month, repeat this step.
      3. In the Remediation Check-in Time field, select the hour of the day when you want SSH remediation to begin.
  6. From the Logging Threshold list, select the level of detail you want to appear.

    By default, logging is set to Info, the highest logging level (the most log events will be written). Each subsequent level filters out some logging types. Agent events are written to syslog or the Windows event log.

  7. When you are finished, click Save.