We are using PAM 3.1.1. We have the below scenario and we need your expertise and advice on the same.
We have integrated a Linux server with PAM. There is a privileged account (local account) named pam_sysadmin, which is registered and managed by PAM. This account uses SSH keys.
My understanding is: an SSH key pair has two keys, 1 - Private, 2 - Public. Both keys are stored in PAM and only the public key is stored on the target Linux server.
Please correct me if my understanding is incorrect...
Question 1: When PAM rotates the keys, will it rotate both the public and private keys and update the keys in PAM?
And does PAM update/sync the public key to the target server?
Question 2: Now, the keys are in sync between PAM and the target server. Suppose a root-equivalent user mistakenly deleted the public key of the privileged account on the target server. Will PAM still be able to rotate the keys and sync them to the target?