
Used Accounts and Directories

Key Manager runs key-management services and actions under the following user accounts:

  • On Key Manager front ends: The initial Key Manager setup is run as the root user. The Key Manager front end service runs under the sshmgr user. The Nginx web server, which is used for serving the front end, runs under the nginx user.

    note

    On Rocky Linux, newly created accounts have no password, and are locked. To unlock the sshmgr user, you must assign a password to the account.

  • On Key Manager back ends: The initial Key Manager setup is run as the root user. The Key Manager back end runs under the sshmgr user. The client-certificate utility ssh-mgr-certmake is run as the root user.

    note

    On Key Manager back-end servers running Rocky Linux, the sshmgr user must be unlocked for agents to function.

  • On agent-based hosts: On Unix hosts, the Key Manager agent monitor runs management operations on its associated host using the root account by default. On Windows hosts, the Key Manager agent uses the Local System account to run management operations.

    note

    On Unix hosts, you can configure the Key Manager agent to run management operations using any account.

  • On agentless hosts: Key Manager performs key-management operations using the management account, which was specified during host addition. Note that this account must be sufficiently privileged to perform key-management operations.

Key Manager uses the following files and directories:

  • Key Manager uses the user facility for logging. The log file for user-level messages is located at:

    /var/log/user.log

  • Key Manager messages are also logged to the system log file, located at:

    /var/log/messages

  • On front-end machines: the Key Manager package installs the product files to /opt/sshmgr. Installing the Key Manager package also creates the sshmgr user with a home directory at /var/lib/sshmgr. The Key Manager environment, and various Key Manager Server settings, are specified in /etc/sysconfig/sshmgr

    Key Manager site configurations are located in /etc/nginx/sites-available. Active configurations are linked from /etc/nginx/sites-enabled

    Nginx log files are located under /var/log/nginx

    Front-end events (such as admin actions) are logged using the syslog subsystem, which is typically configured to write messages to /var/log/messages

  • On back-end machines: the Key Manager package installs the product files to /opt/sshmgr. Installing the Key Manager package also creates the sshmgr user with a home directory at /var/lib/sshmgr

    Authorized keys for the Key Manager agents are stored under /var/lib/sshmgr/.ssh2/

    Back-end events (such as jobs and errors) are logged using the syslog subsystem, which is typically configured to write messages to /var/log/messages

    Tectia SSH Server that is installed on the Key Manager back end uses its own set of directories. For information about directories used by Tectia SSH Server, see the Tectia SSH Server Admin Manual.

  • On agent-based hosts: On Unix hosts, the Key Manager agent is installed under /opt/sshmgr-agent/. The Key Manager agent configuration is stored under /var/lib/sshmgr-agent/. Agent activity is logged using the syslog subsystem, which is typically configured to write messages to /var/log/messages. The Key Manager agent also writes to /var/log/ssh-key-agent.log when debug mode is enabled.

    On Windows hosts, all the agent files are stored under the installation directory of your choosing. By default, this directory is %PROGRAMFILES%\SSH Communications Security\SSH UKM Agent\ on Windows hosts. Agent activity is logged in the Windows Application log.

  • On all managed hosts: On Unix hosts, Key Manager writes to the /var/sshmgr-unique-id file. The file is used as a unique host identifier in the Key Manager system. On Windows hosts, the value is written to the registry path HKLM\SOFTWARE\SSH Communications Security\SSH Universal Key Manager Agent\UniqueId (on 32-bit Windows), or to HKLM\SOFTWARE\Wow6432Node\SSH Communications Security\SSH Universal Key Manager Agent\UniqueId (on 64-bit Windows).
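
One way to audit a Unix host against the accounts and paths described above, as an added example that is not part of the vendor documentation: account_state reads a shadow entry to show whether sshmgr is still locked (the Rocky Linux case in the notes), and missing_paths reports which of the listed paths are absent. The function names, the role labels and the optional file and prefix arguments are assumptions; reading the real /etc/shadow requires root.

```shell
#!/bin/sh
# Added example, not vendor code. Function names and the optional
# SHADOW_FILE / ROOT_PREFIX arguments are hypothetical (used for offline runs).

# account_state USER [SHADOW_FILE]
# Classifies the password field of USER's shadow entry:
#   locked      field starts with "!" or "*" (e.g. "!!" on a new account)
#   nopassword  field is empty
#   unlocked    anything else (normally a password hash)
#   missing     no entry for USER
account_state() {
    awk -F: -v u="$1" '
        $1 == u {
            found = 1
            if ($2 ~ /^[!*]/)  print "locked"
            else if ($2 == "") print "nopassword"
            else               print "unlocked"
            exit
        }
        END { if (!found) print "missing" }
    ' "${2:-/etc/shadow}"
}

# missing_paths ROLE [ROOT_PREFIX]
# Prints every path this page lists for ROLE (frontend, backend, agent)
# that does not exist under ROOT_PREFIX (default: the real root).
missing_paths() {
    case "$1" in
        frontend) set -- "$2" /opt/sshmgr /var/lib/sshmgr /etc/sysconfig/sshmgr \
                      /etc/nginx/sites-available /etc/nginx/sites-enabled \
                      /var/log/nginx ;;
        backend)  set -- "$2" /opt/sshmgr /var/lib/sshmgr /var/lib/sshmgr/.ssh2 ;;
        agent)    set -- "$2" /opt/sshmgr-agent /var/lib/sshmgr-agent \
                      /var/sshmgr-unique-id ;;
        *)        echo "unknown role: $1" >&2; return 2 ;;
    esac
    prefix=$1; shift
    for p in "$@"; do
        [ -e "$prefix$p" ] || echo "$p"
    done
}

# Demo on constructed data: a shadow-format file with a locked sshmgr entry
# and an empty directory tree standing in for a back-end host.
demo=$(mktemp -d)
printf 'sshmgr:!!:19800:0:99999:7:::\nnginx:!!:19800::::::\n' > "$demo/shadow"
echo "sshmgr: $(account_state sshmgr "$demo/shadow")"
missing_paths backend "$demo"
rm -rf "$demo"
```

On a live host, run `account_state sshmgr` and `missing_paths backend` (or `frontend`, `agent`) as root with no extra arguments.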

The following lists summarize the accounts, files, and directories used by Key Manager:

Accounts used on Unix

  • nginx
  • sshmgr
  • root

Accounts used on Windows

  • Local System

Files and directories used on Unix

  • /etc/sysconfig/sshmgr
  • /opt/sshmgr
  • /var/lib/sshmgr
  • /etc/nginx/sites-enabled
  • /etc/nginx/sites-available
  • /var/log/nginx/
  • /var/lib/sshmgr/.ssh2/
  • /var/log/
  • /opt/sshmgr-agent/
  • /var/sshmgr-unique-id

Files and directories used on Windows

  • %PROGRAMFILES%\SSH Communications Security\SSH UKM Agent\