AnsweredAssumed Answered

SSH Key rotation from PAM when the Key is deleted in target server

Question asked by dinakar_apk on Jul 25, 2018
Latest reply on Jul 25, 2018 by prira01

Hi All,

 

We are using PAM 3.1.1. We have the below scenario and we need your expertise and advice on the same.

 

We have integrated an Linux server to PAM. There is a privileged account (local account) named - pam_sysadmin which is registered and managed by PAM. This account uses the SSH keys.

 

My understanding is: SSH Key pair has two keys, 1 - Private , 2- Public. Both the keys are stored in PAM and only the public keys is stored in the target linux server.

 

Please correct me if my understanding is incorrect...

 

Question 1: When PAM rotates the keys, will it rotate both Public and Private keys and updates the keys in PAM ?

And PAM, does PAM update/sync the public key to target server?

 

Question 2: Now, the keys are in sync between PAM and target server. Suppose a root equivalent user by mistakenly deleted the public key of the privileged account in target server, Can PAM still be able to rotate the keys and sync to target?

 

Kindly advise... 

 

Thanks

dk

Outcomes