Your browser does not allow storing cookies. We recommend enabling them.

Universal SSH Key Manager Integration with BeyondTrust PowerBroker

PowerBroker for Unix & Linux allows system administrators to delegate Unix and Linux privileges and authorization without disclosing passwords for root or other accounts. The solution can also record all privileged sessions for audits, including keystroke information.

Universal SSH Key Manager is non–intrusive — all operations for discovery, continuous monitoring, access lockdown, remediation, and key life cycle management are conducted without disrupting existing workflows and business processes.

By integrating Universal SSH Key Manager with BeyondTrust's PowerBroker for Unix & Linux customers are able to leverage their existing privilege elevation solution already deployed across their environment to enable the privileged operations required by Universal SSH Key Manager for scanning and managing SSH keys.

Universal SSH Key Manager can leverage PowerBroker in two ways:

  1. Offline-scanning of SSH user keys across the environment
  2. Privilege elevation for key management operations when using agentless connections


This mode of integration allows Universal SSH Key Manager operators to run a standalone script for scanning SSH keys across the target environment and import the resulting output file into Universal SSH Key Manager. With PowerBroker operators are able to use the existing PowerBroker infrastructure to run a scanning script with elevated privileges across the target environment and easily collect the results in order to import back to Universal SSH Key Manager. This allows operators to easily scan thousands of hosts and quickly build up an inventory of SSH keys across their environment in a matter of hours compared to the days or weeks that it usually takes most organizations using other connection methods such as rolling out agents or getting approval for privileged access to hosts using agentless connections.

Privilege Elevation

Another way Universal SSH Key Manager integrates with PowerBroker is when using agentless connections towards target servers. Universal SSH Key Manager can be configured to use PowerBroker as a privilege elevation mechanism. This allows Universal SSH Key Manager to use a non-privileged account for agentless connections towards servers and then invoke PowerBroker to elevate privileges to perform the scanning or key management operations needed by Universal SSH Key Manager. The flexibility in configuration options allows Universal SSH Key Manager to also store and provide credentials for privilege elevation when prompted by PowerBroker. The integration brings the additional benefit of having all privileged commands executed by Universal SSH Key Manager to be fully logged by PowerBroker and readily available from a central location for audit and review.


What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now