About Adaptable SSH Key Discovery
What is Adaptable SSH Key Discovery?
SSH Protect supports discovery and remediation of SSH keys on several popular operating systems. With Adaptable SSH Key Discovery you can manage keys on any type of device, including Windows devices without the use of an agent, helping you to get a more accurate picture of the inventory of your SSH assets across all your devices and services.
Using this adaptable integration, Venafi Professional Services, ecosystem partners, and development teams within your organization can add support for operating systems or services used in your organization (for example, Windows OS, Cisco, or GIT services).
Like all the Venafi adaptable solutions, this system is integrated through PowerShell scripts that SSH Protect uses to perform low-level operations on the devices or services. Venafi provides sample PowerShell scripts for all adaptable solutions. These are provided for reference only and are not intended to be used as is. We recommend using Venafi Professional Services or an ecosystem partner to customize adaptable solutions that meet your specific business needs.
A few notes about PowerShell scripts:
-
You must ensure the exact same PowerShell script is installed on all Venafi servers that have the WebConsole component installed. You may consider including a version number in your script's file name to help you ensure all servers have the same version of the script installed.
-
PowerShell scripts are selected in the UI by their file name. When selecting a file name, consider using descriptive file names to help users know which script to select.
Adaptable SSH Key Discovery is a specialized version of agentless discovery. In other places throughout this guide, you should assume the term "agentless discovery" includes "Adaptable SSH Key Discovery" unless otherwise noted.
DID YOU KNOW? For applications that require access to the Venafi Web SDK, Trust Protection Platform can manage authentication for you automatically, reducing the overhead in your PowerShell script. When implemented, each time your script is called, Trust Protection Platform requests a new token automatically. Each new token is associated with both the specified user and with the referenced application ID. After the script finishes running, Trust Protection Platform revokes the token automatically. To get started, see Adaptable SSH Key Discovery prerequisites.