Universal SSH Key Manager Integration with BeyondTrust PowerBroker

PowerBroker for Unix & Linux allows system administrators to delegate Unix and Linux privileges and authorization without disclosing passwords for root or other accounts. The solution can also record all privileged sessions for audits, including keystroke information.

Universal SSH Key Manager is non-intrusive: all operations for discovery, continuous monitoring, access lockdown, remediation, and key life cycle management are conducted without disrupting existing workflows and business processes.

By integrating Universal SSH Key Manager with BeyondTrust's PowerBroker for Unix & Linux, customers can use the privilege elevation solution already deployed across their environment to enable the privileged operations that Universal SSH Key Manager requires for scanning and managing SSH keys.

Universal SSH Key Manager can leverage PowerBroker in two ways:

  1. Offline-scanning of SSH user keys across the environment
  2. Privilege elevation for key management operations when using agentless connections


The offline-scanning mode of integration allows Universal SSH Key Manager operators to run a standalone script that scans SSH keys across the target environment, and then import the resulting output file into Universal SSH Key Manager. With PowerBroker, operators can use the existing PowerBroker infrastructure to run the scanning script with elevated privileges across the target environment and easily collect the results for import back into Universal SSH Key Manager. This allows operators to easily scan thousands of hosts and build up an inventory of SSH keys across their environment in a matter of hours, compared to the days or weeks that it usually takes most organizations using other connection methods, such as rolling out agents or getting approval for privileged access to hosts using agentless connections.

Privilege Elevation

Another way Universal SSH Key Manager integrates with PowerBroker is when using agentless connections towards target servers. Universal SSH Key Manager can be configured to use PowerBroker as a privilege elevation mechanism. This allows Universal SSH Key Manager to use a non-privileged account for agentless connections towards servers and then invoke PowerBroker to elevate privileges for the scanning or key management operations it needs to perform. The flexibility in configuration options also allows Universal SSH Key Manager to store credentials for privilege elevation and provide them when prompted by PowerBroker. The integration brings the additional benefit that all privileged commands executed by Universal SSH Key Manager are fully logged by PowerBroker and readily available from a central location for audit and review.


