Configuring Attachmate Reflection for Secure IT 6.x for use with SSH Relay (Privileged User Manager)

  • 7010078
  • 30-Jan-2012
  • 26-Apr-2012

Environment

Privileged User Manager 2.3.0

Situation

Configuring Attachmate Reflection for Secure IT 6.x for use with SSH Relay (Privileged User Manager)

SSH Relay is based on OpenSSH and therefore needs the keys to be in OpenSSH format.

Attachmate Reflection for Secure IT 6.x uses the Secsh key format.

Resolution

Configuring the SSH Relay Agent

1. On the SSH Relay Agent, create an RSA keypair using the ssh-keygen utility provided with OpenSSH.

Example:
ssh-Relay:~ # ssh-keygen -t rsa -f /root/.ssh/id_rsa_npum
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa_npum.
Your public key has been saved in /root/.ssh/id_rsa_npum.pub.

2. Copy and paste the contents of the newly generated private key (~/.ssh/id_rsa_npum) into the Credential Manager for the Remote 'Attachmate' host.

3. Copy the SSH Relay Agent public key to the remote Attachmate sshd host, into ~/.ssh2


Configuring the NPUM agentless Attachmate Reflection for Secure IT 6.x host

1. On the NPUM agentless Attachmate hosts, convert the public key sent from the SSH Relay Agent into the Attachmate Reflection for Secure IT 6.x Secsh format with the following command:

attachmate:~ # ssh-keygen -e -f ~/.ssh2/id_rsa_npum.pub > ~/.ssh2/id_rsa_npum_secsh.pub

2. Add the converted public key file name to the authorization file.

Example:
attachmate:~ # vi ~/.ssh2/authorization
Key id_rsa_npum_secsh.pub

3. Edit the Attachmate sshd config (/etc/ssh2/sshd2_config) and add the 'shell' keyword to the 'SessionRestricted' option so that it is enabled.

Example:
SessionRestricted      shell,exec,subsystem
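
The conversion in step 1 changes only the file encoding, not the key itself. As an added example (not part of the original article or of either product), the following Python code converts a one-line OpenSSH public key to Secsh (RFC 4716) form and checks by fingerprint that the converted file named in the authorization file holds the same key that was generated on the SSH Relay Agent. The sample key is constructed filler data and all function names are hypothetical.

```python
import base64, hashlib, struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def parse_openssh_pub(line):
    """Split a one-line OpenSSH public key into (key type, key blob, comment)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(parts[1], validate=True)
    (n,) = struct.unpack(">I", blob[:4])  # blob begins with a length-prefixed key type
    if blob[4:4 + n] != parts[0].encode():
        raise ValueError("key type does not match key blob")
    return parts[0], blob, parts[2] if len(parts) > 2 else ""

def to_secsh(blob, comment=""):
    """Wrap a key blob in the Secsh (RFC 4716) public key file format."""
    b64 = base64.b64encode(blob).decode()
    out = [BEGIN] + (['Comment: "%s"' % comment] if comment else [])
    out += [b64[i:i + 70] for i in range(0, len(b64), 70)]  # RFC 4716 caps lines at 72 bytes
    return "\n".join(out + [END]) + "\n"

def parse_secsh(text):
    """Return the key blob from a Secsh file, skipping header lines."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing Secsh begin/end markers")
    body, in_header = [], False
    for l in lines[1:-1]:
        if in_header or ":" in l:        # header; a trailing backslash continues it
            in_header = l.endswith("\\")
        else:
            body.append(l)
    return base64.b64decode("".join(body), validate=True)

def fingerprint(blob):
    """SHA256 fingerprint of a key blob, as printed by OpenSSH's ssh-keygen -l."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def same_key(openssh_line, secsh_text):
    """True when both files carry the same key, whatever their encoding."""
    return fingerprint(parse_openssh_pub(openssh_line)[1]) == fingerprint(parse_secsh(secsh_text))

def ssh_string(b):
    return struct.pack(">I", len(b)) + b

# Constructed sample: valid wire layout, but the modulus is filler bytes, not a usable key.
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + bytes(range(128, 256)) * 2)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " root@ssh-Relay"

if __name__ == "__main__":
    secsh = to_secsh(*parse_openssh_pub(SAMPLE_LINE)[1:])
    print(secsh, fingerprint(SAMPLE_BLOB), same_key(SAMPLE_LINE, secsh))
```

Comparing the fingerprint of the converted file with the one recorded when the keypair was generated confirms that the key authorized on the Attachmate host is the one intended.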