Supported Host Platforms, SSH Software, and SSH Keys
This section lists the host platforms, SSH software, and SSH key algorithms that can be managed using Key Manager.
Managed Host Requirements
The following table describes the host platforms that can be managed using Key Manager, and the supported management modes for each platform:
Table 2.1. Supported host platforms and management connections
| Platform | Agentless | Agent-Based | Offline Scan |
|---|---|---|---|
| CentOS 6, 7, 8 (x86-64) | • | • | • |
| FreeBSD 8, 9, 10, 11 | • | ||
| HP-UX 11iv1, 11iv2, 11iv3 (PA-RISC) | • | • | • |
| HP-UX 11iv2, 11iv3 (IA-64) | • | • | • |
| IBM AIX 6.1, 7.1, 7.2, 7.3 (POWER) | • | • | • |
| IBM z/OS 1.13, 2.1, 2.2 | • | ||
| Microsoft Windows 10 | a | • | • |
| Microsoft Windows Server 2012, 2012 R2, 2016, 2019, 2022, 2025 * | a | • | • |
| Oracle Enterprise Linux 5, 6, 7, 8 | • | • | • |
| Oracle Solaris 10, 11.0, 11.1, 11.2, 11.3 | • | • | • |
| Oracle Solaris 10, 11.0, 11.1, 11.2, 11.3, 11.4 (x86-64) | • | • | • |
| Oracle Solaris SPARC 11.3, 11.4 | • | • | • |
| Red Hat Enterprise Linux Atomic Host 7 (x86-64) | • | ||
| Red Hat Enterprise Linux 6, 7, 8, 9, 10 (x86-64) | • | • | • |
| Rocky Linux 8, 9, 10 (x86-64) | • | • | • |
| SUSE Linux Enterprise Desktop 12, 15 (x86-64) | • | • | • |
| SUSE Linux Enterprise Server 12, 15 (x86-64) | • | • | • |
| Ubuntu Desktop 18.04, 20, 22 (x86-64) | • | • | |
| Ubuntu Server 18.04, 20, 22 (x86-64) | • | • | |
| Amazon Linux 2 | • | • | • |
a: Agentless connections supported through WinRM; monitored state only
For platforms that are no longer generally-available or supported by their vendors, support is limited to a best-effort basis.
Key Manager servers must be able to establish SSH connections to agentless hosts.
On managed hosts, Key Manager performs management actions that require root permissions, such as modifying SSH-key files as various users,. The required permissions can be granted as follows:
-
On agent-based hosts, the Key Manager agent must be run with root or Administrator privileges (on Unix and Windows respectively).
-
On agentless hosts, Key Manager must be given access as a sufficiently-privileged user: either root, or a regular account with privilege-elevation capabilities. If you are using a regular account with sudo for privilege elevation, the host must also have sudo version 1.7.0 or later installed. Hosts using the offline-scan method have the following additional requirements:
-
Unix platforms must have a minimum supported version of Python 1.5 or later.
-
Windows platforms must be installed with the following:
-
.Net version 4 (Client Profile or Full Framework).
-
CLR version 4.
Unix hosts must use either US-ASCII or UTF-8 encoding on all levels, including path names in the file
system. Furthermore, Unix hosts must provide a Bourne-style shell in /bin/sh.
Compatible SSH Products
Table 2.2. Supported SSH products
| SSH product | Linux/Unix | Windows | z/OS |
|---|---|---|---|
| Attachmate RSIT 6.1, 7.1, 8.1 | a, b, c | ||
| Centrify SSH 2013 | a, b, c | ||
| OpenSSH 4.x – 10.x | a, b, c | ||
| OpenSSH 6.4 (Ported Tools v1.3) | a | ||
| OpenSSH as Windows Optional Feature | b | ||
| PuTTY Client | c | ||
| SunSSH 1.1.5, 2.0 | a, b, c | ||
| Tectia SSH 6.4, 6.6 | a, b, c | b, c | |
| Tectia Server for IBM z/OS 6.3, 6.4, 6.5, 6.6 | a | ||
| Quest OpenSSH 4.x – 5.2 | a, b, c |
a: Supported by agentless management connections. Requirements and limitations listed in Managed Host Requirements, and Key Manager Limitations apply.
b: Supported by agent-based management connections. Requirements and limitations listed in Managed Host Requirements, and Key Manager Limitations apply.
c: Supported by offline scan. Requirements and limitations listed in Managed Host Requirements, and Key Manager Limitations apply. Refer to Key Manager Limitations for information on limitations related to Key Manager functionality.
Supported SSH Key Algorithms
Key Manager can be used to manage SSH keys generated using the following algorithms:
- ECC/ECDSA
- Ed25519
- DSA
- RSA
Supported Host Key Rotation Platforms
Host Key Rotation
Host key rotation is supported only for Tectia and OpenSSH servers.
| Platform | Tectia | OpenSSH |
|---|---|---|
| Windows | • | |
| Linux | • | • |
| Unix | • | • |
| z/OS | a | a |
a: Support for host key rotation is planned for future releases.
Host key Distribution to SSH Clients
Host key distribution is accomplished by recording the new host key entries to the global known_hosts
file (OpenSSH style).
| Platform | Tectia | OpenSSH |
|---|---|---|
| Windows | a | a |
| Linux | • | • |
| Unix | • | • |
| z/OS |
a: Support for distribution of host keys to Windows clients is planned for future releases.