Universal SSH Key Manager (UKM) Product Update
Learn about the details of the latest releases.
1. About this release
Universal SSH Key Manager 4.3.0 includes new capabilities, improvements, and bug fixes. Most notably, this release introduces Quantum-Safe key exchange (KEX) algorithms for management connections, evaluation and reporting of risks associated with user passwords, and bulk submission of access requests by end users.
2. Submitting bulk access requests by end users using CSV input
User Portal extends its current capabilities, which help application owners manage their SSH keys, to power users who are responsible for tens of thousands of keys.
Power users can now submit access requests in bulk directly in the graphical user interface. There is no need for scripting, API calls, or engaging admin users.
3. Report on violations of password security policies
UKM expands its policy capabilities into analysis and reporting on user account passwords. UKM brings to light violations of best practices associated with an increased security risk.
In this release, the capabilities include the collection and reporting of password parameters such as password changes and validity, in addition to providing policies identifying potential risk vectors on Linux operating systems. Future releases will expand the OS coverage as well as the data analysis and reporting.
4. Quantum-safe management communications
UKM now fully supports available Quantum-Safe KEX algorithms for both agentless and agent-based management connections to managed hosts.
5. Other updates
This release also includes the following improvements and bug fixes:
* Validation rules for eligibility to migrate SSH access from existing SSH keys to ephemeral certificates are relaxed. UKM admins can now proceed with the migration process even if not all targets can be transitioned to access using ephemeral certificates. Ineligible targets are clearly identified and an explicit approval step is required. [UKM-2736]
* UKM can now recognize and report the use of OpenSSH keys for accessing Windows hosts where OpenSSH Server is enabled. [UKM-2649]
* This version introduces improved protection against content-injection attacks by implementing a stronger Content Security Policy (CSP). The policy is enabled by default for new installations of UKM. [UKM-2358]
* Added persistence for the timeout setting applied to script-based scan jobs. The value is no longer reset to the default after an upgrade. [UKM-2591]
* This version expands support for agents to Red Hat 9. [UKM-2443]
* Corrected a regression affecting UKM version 4.2 where executing an "Export Public Key" action via the GUI only listed the key data portion of the key, excluding known SSH key options (such as from stanza, commands, etc.). [UKM-2709]
* Addressed an issue where editing the value of custom fields for multiple objects (hosts, users or keys) was applied only to the first object instead of to all intended ones. [UKM-2682]
1. Migrate all user keys to Zero Trust SSH access using ephemeral certificates
This release removes the prior restriction which required that users have only one private key in order to proceed with migrating to ephemeral certificates.
This change eliminates restrictions and in effect allows any account to be migrated without jeopardizing the continuity of operation for existing automation workflows and integrations.
2. Support for OpenSSH client/server on Windows
This release introduces support for the native OpenSSH client/server software on Windows including account listing and key discovery, key provisioning, as well as remediation actions such as removal, restoring, and setting options.
This feature improves the trust relationship dataset for more complete visibility into key sprawl and extends the reach of management capabilities across the key estate.
For more details, consult the Product Description document.
3. Automatic management of audit events
This functionality adds automatic data management for audit events generated by UKM, in order to reduce the risk of running out of disk space on the database server.
Its aim is to prevent outages and the need for maintenance work due to the accumulation of audit events in the database.
A new setting introduces automatic purging capabilities for audit events with a configurable retention period.
- By default, audit events are retained indefinitely.
- Similar to other purging tasks, deleted audits are not archived.
- The previous capability to archive audit events to external storage is unaffected.
4. Introducing an improved graphical user interface
The newly released UKM admin GUI supports a modern frontend framework that allows faster implementation cycles for new feature development and, at the same time, eliminates dependencies on outdated technologies which are no longer supported.
The core functionality is now enhanced by introducing:
- A redesigned home page offering widget selection for configurable dashboards
- A global quick search on the home page
- A Settings page search to quickly find any setting based on a keyword
5. Other updates
This release also includes the following updates:
- PostgreSQL 14 is supported as a database for UKM and User Portal.
- The Tectia server included with UKM is now updated to PQC version 6.6.1 in preparation for providing Quantum-Safe connections during management tasks when using agents.