PAM-CM-3481 When Attempting to Add SSH Key Target Account

Article ID: 380150


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

An administrator attempts to add an SSH key target account in Privileged Access Manager, but the following error appears when clicking OK to save the target account. The error occurs whether the account is being stored as a synchronized or an unsynchronized account.

PAM-CM-3481: An invalid private key was specified.

Cause

An SSH key can be stored in PAM only if it is in DSA, ECDSA, or RSA format. Any other key format fails the pattern check that PAM performs on the key before saving the target account. If the SSH key is opened in a Notepad application, it should look like one of the following examples.

 

-----BEGIN DSA PRIVATE KEY-----
################################################################
################################################################
################################################################
-----END DSA PRIVATE KEY-----

 

-----BEGIN EC PRIVATE KEY-----
################################################################
################################################################
################################################################
-----END EC PRIVATE KEY-----

 

-----BEGIN RSA PRIVATE KEY-----
################################################################
################################################################
################################################################
-----END RSA PRIVATE KEY-----

Resolution

If another SSH key format was used, such as a ppk or OpenSSH key, recreate the key in one of the three supported formats in order to store it in PAM.
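A key file can be checked against the three headers above before it is pasted into PAM. The script below is an added example, not Broadcom code and not PAM's actual pattern check: it only inspects the first and last lines of the file, and the function name `classify_key` and the labels for unsupported formats are assumptions made for illustration.

```python
import re
import sys

# PEM labels the article lists as storable in PAM.
SUPPORTED = {"DSA PRIVATE KEY": "DSA", "EC PRIVATE KEY": "ECDSA", "RSA PRIVATE KEY": "RSA"}
# Other common private-key containers (general knowledge, not taken from the article).
UNSUPPORTED = {
    "OPENSSH PRIVATE KEY": "OpenSSH native format",
    "PRIVATE KEY": "PKCS#8 (unencrypted)",
    "ENCRYPTED PRIVATE KEY": "PKCS#8 (encrypted)",
}
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")


def classify_key(text):
    """Return (storable, description) for the text of a private key file."""
    # Editors such as Notepad may prepend a BOM and use CRLF line endings.
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines() if ln.strip()]
    if not lines:
        return (False, "empty file")
    if lines[0].startswith("PuTTY-User-Key-File-"):
        return (False, "PuTTY ppk")
    m = PEM_BEGIN.match(lines[0])
    if not m:
        return (False, "no PEM header on first line")
    label = m.group(1)
    if lines[-1] != f"-----END {label}-----":
        return (False, f"BEGIN/END mismatch or truncated key ({label})")
    if label in SUPPORTED:
        return (True, SUPPORTED[label])
    return (False, UNSUPPORTED.get(label, f"unrecognised PEM type: {label}"))


if __name__ == "__main__":
    # Usage: python check_key.py <path-to-private-key>
    with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
        ok, kind = classify_key(fh.read())
    print(("storable in PAM: " if ok else "expect PAM-CM-3481: ") + kind)
    sys.exit(0 if ok else 1)
```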

Additional Information

If the key is solely being vaulted in PAM and will be neither rotated nor used for auto-logins (for example, storing AWS Lambda keys), it is possible to use the Secrets Management feature in PAM to vault and view it.