SPP not able to Discover SSH Host Key of Linux Based Machines

We have many machines (hardened appliances) like IBM Guardium, Trend Micro, etc. which are already preconfigured, so when we try to add them in SPP the asset's SSH host key is not accessible. Hence the asset is simply not accessible. For example, I opened a ticket with OI about IBM Guardium and came to know that SPP doesn't have support for hardened appliances. But all these machines are easily accessible with a simple PuTTY client.

  • Hi,

    Supported Platforms for management are listed in the release notes here:
    https://support.oneidentity.com/technical-documents/one-identity-safeguard-for-privileged-passwords/7.5/release-notes/3

    If you need to manage a platform that is not listed out of the box, then the custom platform can be used, which may require engaging the Professional Service team for assistance with implementing a custom solution:

    https://github.com/OneIdentity/SafeguardCustomPlatform/wiki

    Thanks!

  • Ahhh Mr. Tawifiq nice to hear from you. How are you?

    So my team members and I were discussing a new way of accessing all the assets: we create one machine (jump machine) per team and create their users on it, and the team members will log in via OI PAM to their machine and access all the assets. In this way the unsupported devices will be accessible. We would do this instead of taking the Professional Services route, because only Linux devices are facing this issue.

    By using this route:

    • all devices will be accessible
    • and even recordings will be available
    • when users log in they will only have one machine in their asset list, and they can go from this jump machine to their devices

    We might face some other challenges, but it will still be better because many network devices are not accessible, and the same goes for hardened appliances.

    Your suggestion will be appreciated.

  • Hi,

    When using a jump host (Client > SPS > Jump Host > Target machine), traffic from that jump host to target machines is not captured by SPS except for the screen recording (for example, RDP traffic is captured and recorded from Client > SPS > Jump Host), so it depends on your use case and what works for your requirements.

    Thanks!