Privileged User Manager 2.3.0
Configuring Attachmate Reflection for Secure IT 6.x for use with SSH Relay (Privileged User Manager)
SSH Relay is based on OpenSSH and therefore needs the keys to be in OpenSSH format.
Attachmate Reflection for Secure IT 6.x uses the Secsh key format.
Configuring the SSH Relay Agent
1. On the SSH Relay Agent, create an RSA key pair using the ssh-keygen provided by OpenSSH:
ssh-Relay:~ # ssh-keygen -t rsa -f /root/.ssh/id_rsa_npum
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa_npum.
Your public key has been saved in /root/.ssh/id_rsa_npum.pub.
2. Copy and paste the contents of the newly generated private key (~/.ssh/id_rsa_npum) into the Credential Manager for the Remote 'Attachmate' host.
3. Copy the SSH Relay Agent public key to the ~/.ssh2 directory on the remote Attachmate sshd host.
Configuring the NPUM agentless Attachmate Reflection for Secure IT 6.x host
1. On the NPUM agentless Attachmate hosts, convert the public key sent from the SSH Relay Agent into the Attachmate Reflection for Secure IT 6.x Secsh format with the following command:
attachmate:~ # ssh-keygen -e -f ~/.ssh2/id_rsa_npum.pub > ~/.ssh2/id_rsa_npum_secsh.pub
2. Add the converted public key file name to the authorization file.
attachmate:~ # vi ~/.ssh2/authorization
3. Edit the Attachmate sshd configuration file (/etc/ssh2/sshd2_config) and enable the 'shell' keyword in the 'SessionRestricted' option.
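The conversion in step 1 changes only the wrapper around the key, so the fingerprint of the converted file should match the key generated on the SSH Relay Agent before its file name goes into the authorization file. The Python below is an added example, not part of the original article or the product: it re-implements the OpenSSH to Secsh (RFC 4716) re-wrapping and the fingerprint comparison on a constructed sample key, and every function name in it is illustrative.

```python
import base64
import hashlib
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def ssh_string(data):
    """Length-prefixed field as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data

# Constructed sample (not a usable RSA key): type, exponent 65537, 2048-bit filler modulus.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + bytes(range(128, 256)) * 2))
SAMPLE_PUB = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " root@ssh-Relay"

def openssh_to_secsh(pub_line, comment="converted from OpenSSH"):
    """Re-wrap an OpenSSH one-line public key in Secsh (RFC 4716) framing."""
    key_type, b64 = pub_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type field does not match the key blob")
    body = [b64[i:i + 70] for i in range(0, len(b64), 70)]  # lines stay under 72 bytes
    return "\n".join([BEGIN, f'Comment: "{comment}"', *body, END]) + "\n"

def secsh_blob(text):
    """Extract the raw key blob from a Secsh public key file."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing Secsh begin/end markers")
    b64, continued = [], False
    for line in lines[1:-1]:
        if continued or ":" in line:      # header line, or continuation of one
            continued = line.endswith("\\")
        else:
            b64.append(line)
    return base64.b64decode("".join(b64), validate=True)

def fingerprint(blob):
    """SHA256 fingerprint in the form printed by OpenSSH's ssh-keygen -l."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def same_key(pub_line, secsh_text):
    """True when both files carry the same key, whatever the wrapper."""
    return fingerprint(base64.b64decode(pub_line.split()[1])) == fingerprint(secsh_blob(secsh_text))

if __name__ == "__main__":
    converted = openssh_to_secsh(SAMPLE_PUB)
    print(converted, fingerprint(SAMPLE_BLOB), same_key(SAMPLE_PUB, converted))
```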