How to copy a private key from one target account that uses the SSH-2 Public Key Authentication protocol to another
Article ID: 191176
Products
CA Privileged Access Manager (PAM)
Issue/Introduction
We are starting out with a common public key deployed to multiple target servers for accounts with the same name. For each server we are configuring a separate target account. The first target account could be synchronized without a problem. But when we view the password, copy the private key and paste it into the private key field of a new account, we cannot get the password verified. The Tomcat log shows an "invalid private key" error. However, when we define a policy with SSH access using this target account for auto-logon, it actually works.
Environment
Release : 3.3
Component : PRIVILEGED ACCESS MANAGEMENT
Cause
Credential Management uses a different SSH client to establish connections to target servers. Passwords in general do not allow newline characters. When a private key is entered in its typical format, with 64 characters per line, the newline characters are replaced with spaces. When the key is then copied into another target account in the format that a password view returns, i.e. with space characters instead of newlines, it will not work for Credential Management.
Resolution
Either use the original format that worked for the first account, or create it by replacing all space characters in the private key retrieved from a password view with newline characters using a text editor like Notepad++.
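The same conversion can be scripted. The following is an added example, not code from the product or the original article. It assumes an unencrypted PEM key whose BEGIN and END lines contain spaces of their own (for example "BEGIN RSA PRIVATE KEY"), which must be kept while only the separators between the base64 lines become newlines. The function name and the sample string are constructed for illustration.

```python
import re
import sys

# PEM boundary lines contain spaces themselves, so they are matched as
# whole units before any separator is converted to a newline.
BOUNDARY = re.compile(r"-----(BEGIN|END) ([A-Z0-9 ]+)-----")
BASE64_LINE = re.compile(r"[A-Za-z0-9+/=]+")

# Constructed sample in the space-separated form; NOT a real key.
SAMPLE_FLAT = " ".join([
    "-----BEGIN RSA PRIVATE KEY-----",
    "A" * 64, "B" * 64, "C" * 22 + "==",
    "-----END RSA PRIVATE KEY-----",
])


def restore_pem(flat: str) -> str:
    """Rebuild the multi-line key from the space-separated password-view form."""
    marks = list(BOUNDARY.finditer(flat))
    if [m.group(1) for m in marks] != ["BEGIN", "END"]:
        raise ValueError("expected exactly one BEGIN line followed by one END line")
    begin, end = marks
    if begin.group(2) != end.group(2):
        raise ValueError("BEGIN and END labels differ")
    # Everything between the boundaries is base64 split on whitespace.
    body = flat[begin.end():end.start()].split()
    if not body:
        raise ValueError("no key material between the boundary lines")
    for chunk in body:
        # Encrypted keys carry extra header lines (Proc-Type, DEK-Info);
        # they are rejected here rather than guessed at.
        if not BASE64_LINE.fullmatch(chunk):
            raise ValueError("unexpected characters in key body")
    return "\n".join([begin.group(0), *body, end.group(0)])


if __name__ == "__main__":
    # Read the key from stdin so it never appears in shell history or in
    # the process list; write the result to stdout only.
    print(restore_pem(sys.stdin.read()))
```

Paste the output directly into the private key field and avoid leaving the key in a temporary file or the clipboard longer than needed.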
Example password string retrieved from an SSH key account for a UNIX target application: