Scan Types
Shell-based scan types
Key Manager offers the following shell-based scan types:
Configuration Scan
Target hosts are scanned for the following data:
- Operating-system information, such as OS type and version.
- The unique ID that is assigned to the host by Key Manager.
- Network interfaces.
- Users and user groups.
- Installed SSH products.
- SSH configurations.
- SSH host keys.
Authorized-Keys Scan
Target hosts are scanned for all the information covered by the Configuration Scan action. Additionally, the target hosts are scanned for authorized keys.
Full Scan
Target hosts are scanned for all the information covered by the Configuration Scan and Authorized-Keys Scan actions. Additionally, the target hosts are scanned for private keys.
The host setting Full scan type determines what the full scan does:
- The default option is Scan both locally and remotely stored keys; the scan detects both local and non-local users and keys.
- Scan only locally available users ignores any network users.
- Scan only locally stored keys and network users without keys detects local users and keys, and also network users with no local keys.
The Full scan type setting only applies to hosts that use the Key Manager host utility for scans: either offline scanning or script-based scanning (described in sections Host Discovery with Offline Scans and Choosing the Best Scan Method respectively). Hosts without the Key Manager host utility are always scanned for both local and remote users and keys.
Key-Activity Scan
Target hosts are scanned for SSH authorization usage.
By default, OpenSSH-based hosts need to be configured to support key-activity scans. The required setup steps are described in Enabling Key-Activity Monitoring.
Script-based scan types
Key Manager also offers the following script-based scan types:
Scan only locally stored keys
Equivalent to performing a Full Scan.
Scan both locally and remotely stored keys
Includes all the data provided by the Scan only locally stored keys scan type. Additionally detects network users, user keys on NFS, and key activity of those keys.