Skip to main content

Reviewing Authorizations, Private Keys, and Authorized Keys

Authorizations (also known as trust relationships) consist of SSH private keys and corresponding authorized keys. The owner of the private key is able to log into accounts that have the corresponding authorized key using SSH public-key authentication.

You can review the authorizations in the managed environment from the User keys→Authorizations page.

To list authorizations via the command-line client use the list-authorizations command (described in list-auhorizations:

$ ssh-mgr-client list-authorizations

By default, each authorization item displays the private key(s) and authorized key(s) that constitute the authorization. You can get more information about individual user keys by clicking the key. Doing so displays the details panel for that key.

Ideally, each authorization should have exactly one private key. Authorizations with no known private key are marked with the label images/unknown%20private%20key.png. The authorized keys that belong in such authorizations may be unused, or they may be granting access to users from outside the managed environment. Authorizations with multiple private keys indicates that there are copies of the private key in the managed environment. Unmanaged copies of private keys, should be reviewed with particular care, as the presence of such keys may indicate that somebody is setting up unauthorized trust relationships.

On the Authorizations page, external private keys are marked with the label images/external.png.

Private keys and authorized keys are displayed on the User keys→Private keys page, and on the User keys→Authorized keys page respectively.

To list private and authorized keys via the command-line client use the commands list-private-keys and list-authorized-keys (described in list-private-keys and list-authorized-keys respectively):

$ ssh-mgr-client list-private-keys
$ ssh-mgr-client list-authorized-keys

Particularly in large environments, an unfiltered list of keys may return an overwhelming amount of entries. You can use filters to manage displayed entries. Examples of filter usage are provided in Key Review Examples.