The SSH plugin for Keeper Commander gives you the ability to generate and rotate SSH keys to one or more target systems, or rotate any local or remote user's Unix/Linux password.
This plugin requires OpenSSL and OpenSSH packages to be installed on the computer running Keeper Commander.
To verify Installation, open the Terminal application and make sure
'ssh'commands are installed and accessible with the system PATH environment variable.
Rotation supports legacy and typed records. If using typed record, a 'Login' type field is required. Additional fields may be added depending on the rotation type as well. See the instructions below.
The standard "SSH Key" record type is a good fit for SSH rotations.
If using an untyped record, the host and port can be set to custom fields. See below.
The following values can customize rotation parameters. Add these options to a record as text fields and set the label to correspond to the parameter as shown in the table.
When setting up this plugin for the first time please use the following steps:
Populate the Title, Login, and Hostname or IP and Port fields of the Keeper record.
rotatecommand on the Keeper shell for this record. Commander will generate the public and private keys and store them in the record. Copy or save the public key and save this to the file
.ssh/authorized_keysin the target hosts - this step must be done manually the first time or you can use the
Make sure to set the permissions of the authorized_keys file on the target system.
chmod 700 ~/.ssh; chmod 600 ~/.ssh/authorized_keys
rotatecommand on Keeper shell to perform a full rotation. If successful, the target hosts will be updated with the newly generated public key and the Keeper record will be updated with the private/public key pair.
rotate "SSH Credentials" --plugin sshkey
To rotate SSH passwords, use the
rotatecommand in Commander. Pass the command a record title or UID (or use
--matchwith a regular expression to rotate several records at once)
rotate "SSH Credentials" --plugin ssh