How to copy a private key from one target account using the SSH-2 Public Key Authentication protocol to another


Article ID: 191176


Updated On: 10-03-2023

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

We are starting out with a common public key deployed to multiple target servers for accounts with the same name. For each server we are configuring a separate target account. The first target account could be synchronized without problem. But when we view the password, copy the private key and paste it into the private key field of a new account, we cannot get the password verified. The tomcat log shows an "invalid private key" error. However, when we define a policy with SSH access using this target account for auto-logon, it actually works.

Environment

Release : 3.3

Component : PRIVILEGED ACCESS MANAGEMENT

Cause

Credential Management uses a different SSH client to establish connections to target servers. Passwords in general do not allow newline characters. When a private key is entered in the typical format, with 64 characters per line, the newline characters are replaced with spaces. When the key is then copied into another target account in the format that a password view returns, i.e. with space characters instead of newlines, it does not work for Credential Management.

Resolution

Either use the original format that worked for the first account, or create it by replacing all space characters in the private key retrieved from a password view with newline characters using a text editor like Notepad++.

Example password string retrieved from an SSH key account for a UNIX target application:

-----BEGIN RSA PRIVATE KEY----- MIIEp##########A8jQFjfVg8y2TPltirzboB5a5TKLwD/Bf6+VkbnkcYGe+UIQ9 1mI+bLwGCcHvKuSvYKy7k6##########W9svnMVE864zcPege204Tg0eFKtyZE+g 3/d705pxoRBPdPORoIcggRjv+YMSIy+##########7H8hu7ysdeHeDoIxpdxnHg2 lY##########NGAIqBskkLmLf8CJcwpiVhC+2g4dohtthB7kZ5UvNhm2u5FTOUz9 XXEca1pakvhQ++9daMcf2ue##########4G9ZL+7dnxpUBkMqwHLuakrHILfSPMi ZkH/ahBvqg2rCpe8hHg6+Jqw7OEKeAs0MU9skQIDAQ##########PdcmS26k2gnW cghMXP5V1nB1zYmJDA3eTZJQuMfFlzqgnes4O9OlqMEf/2F0QLQDvTlqJ3Y9VTCK ngnzI5VMKvqApXjVkCpevraKbDLT+gK5HnloKV90dRGt18Bybd21P7AAXbYEcWVI I0QI72HpCGnZMuloUGArue3X8TKT/qBXKmPa68NerPuuAkYuA7Hi9ZosTRVltU/A G3U0uDe4XiLTqHoWxxdmIAwShVPz0+abOQt5IhZAp9HASWeGAJzfW7NzlksEsKR7 Ypv42GSKEYwMgr5SX1+sPna/3fd7UAcZdca48J7TYCktHmXmJfKkUgpdkUYLncwR Rm1NtXABAoGBAP98bz2vedK/m7oIVhT126d4BD6AiTMr3+oLn7s0L3LMCYoLiMYx QWs3CebQDJMT3SfIqWYX4FVWA1P8o9kM2L3lntwy4fcYILRK8UWB2tnIIucZK+Ol KtWkaR+07+semTb7Kvt3a4Eb39mNroIz92vm2gPltCX2Bbi8a8QTHhrBAoGBAPKw vztypWiIxzDFbay8Q0J/ZMDk+kqbdnlryrB9i9kPhu+lfZxrTFUKYLMGrBbgZXji 15VzwldfU3Tsy/+evmwXt+eIt8s0Jf6NP/06pRM8m8WFjRy74691kXZTrknSRuU2 qMZGqBfVCH7Jv2jbDaIK79YoKK5WXjYHKAg0udXRAoGAdhO7keXUxts5jMwnhL5w S0EDrSNYxaakcRX4N9wRhdvZGMzl5LuFAZlJYTyMYzlOAAIUkJO+YZJELX/Y9gqi 7Xj/Z8O4favQCaONSNOQIxEFWItgpnCCkITQ9Q95xs+4fhmtLtVtgRkx5uk9Wv3L fzoNTrnN/bFryYqDv/YZ9sECgYEAq9Tc8XhxCRye/DctOjpp3PFaIwF8/copDjt1 3ZRmqh9GSPOBhniqKSQZ52f3/JKRBhCG17iIh1hlPMpUff6lkN8SRQsWJvgbVqon /mHBc2dcW3P9v7SAt0Ck54TESFxr+erDgO+SIJ2jUDIEJnfCpVLdEWKJuzZHqjVS 8Mx0L6ECgYAzcimab6zYSLhS5vJGGU00+xXSfarQMEB0Dg2OwPVVIQ8Lcc3vOBAg syNeOxXUq2JG+Ka5A2vh9JUFILidNBPYHi4+iTk7Z/n+Go7ljKwwb76JwzeSz8D3 G1uBrMrxS25TMgfdDn8hUAkoqR7Ormc9wi4gogz10QB0xFnXKMH/gw== -----END RSA PRIVATE KEY-----


Correctly formatted for pasting into the Private Key field of a new account:

-----BEGIN RSA PRIVATE KEY-----
MIIEp##########A8jQFjfVg8y2TPltirzboB5a5TKLwD/Bf6+VkbnkcYGe+UIQ9
1mI+bLwGCcHvKuSvYKy7k6##########W9svnMVE864zcPege204Tg0eFKtyZE+g
3/d705pxoRBPdPORoIcggRjv+YMSIy+##########7H8hu7ysdeHeDoIxpdxnHg2
lY##########NGAIqBskkLmLf8CJcwpiVhC+2g4dohtthB7kZ5UvNhm2u5FTOUz9
XXEca1pakvhQ++9daMcf2ue##########4G9ZL+7dnxpUBkMqwHLuakrHILfSPMi
ZkH/ahBvqg2rCpe8hHg6+Jqw7OEKeAs0MU9skQIDAQ##########PdcmS26k2gnW
[...]
-----END RSA PRIVATE KEY-----
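
The conversion can also be scripted instead of done by hand in a text editor. The Python below is an added example, not part of CA PAM or of the original article; the names restore_pem and SAMPLE_FLAT are assumptions, and the sample input is constructed from dummy bytes rather than a real key. It converts only the separators between lines to newlines, so the BEGIN/END lines keep their spaces as in the correctly formatted key above.

```python
import base64
import re
import sys

# One PEM block whose line breaks may have been flattened to spaces. The label
# ("RSA PRIVATE KEY") contains spaces itself, so a blind space-to-newline
# replace would also split the BEGIN/END lines.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s+-----END \1-----", re.DOTALL
)
B64_LINE = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def restore_pem(flat: str) -> str:
    """Rebuild the multi-line PEM text from a space-separated password view."""
    match = PEM_RE.search(flat.strip())
    if match is None:
        raise ValueError("no matching PEM BEGIN/END pair found")
    label, chunks = match.group(1), match.group(2).split()
    for chunk in chunks:
        # Fails closed on anything that is not a base64 line, including the
        # Proc-Type/DEK-Info headers of a passphrase-protected key.
        if len(chunk) > 64 or not B64_LINE.fullmatch(chunk):
            raise ValueError("unexpected text inside the key body")
    base64.b64decode("".join(chunks), validate=True)  # raises on a damaged body
    lines = [f"-----BEGIN {label}-----", *chunks, f"-----END {label}-----"]
    return "\n".join(lines) + "\n"


def _constructed_sample() -> str:
    """Constructed input: base64 of dummy bytes, not a real key."""
    body = base64.b64encode(bytes(range(100))).decode()
    rows = [body[i:i + 64] for i in range(0, len(body), 64)]
    return " ".join(
        ["-----BEGIN RSA PRIVATE KEY-----", *rows, "-----END RSA PRIVATE KEY-----"]
    )


SAMPLE_FLAT = _constructed_sample()

if __name__ == "__main__":
    # Read the key from stdin and write it to stdout so it is never passed
    # as a command-line argument.
    sys.stdout.write(restore_pem(sys.stdin.read()))
```
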

Additional Information

10/3 - Updated to obscure sensitive data