Analyzing and fixing SSH violations

You can take a number of actions to resolve SSH trust violations. This section describes common violations and the recommended steps to resolve them.

All supported SSH violations are resolved using one or more of the following remediation tasks:

  1. Remove keys (orphans, authorized keys with root access, an excessive number of keys) or replace them if obsolete (remove RSA1 keys and create RSA/DSA keys instead)
  2. Remove keyset (and create a new one in its place)
  3. Add self-service key mappings
  4. Locate SSH servers and scan for keys
  5. Add policy settings (flag duplicate private keys, set minimum key length, and flag SSHv1)
  6. Split keyset into two keysets
  7. Specify (correct) forced commands
  8. Fix source restrictions
  9. Add missing options
  10. Rotate keys (and set a schedule for auto rotation)
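
Tasks 7 to 9 can be checked by hand on a single host. The following is an added example, not code from this product: it assumes the violations correspond to OpenSSH `authorized_keys` options (`command=`, `from=`, and `restrict` or the `no-*` options), and the required-option policy and the sample entries are constructed for illustration.

```python
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
# Assumed policy: options every entry must carry ("restrict" implies all of them).
REQUIRED = ("no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty")

# Constructed sample; the key material is a placeholder, not a real key.
SAMPLE = '''\
# constructed authorized_keys sample
ssh-ed25519 AAAAPLACEHOLDER1 admin@laptop
from="10.0.0.0/8,192.0.2.10",command="/usr/local/bin/backup --mode \\"full\\"",restrict ssh-ed25519 AAAAPLACEHOLDER2 backup job
command="/usr/bin/rsync --server",no-pty ssh-rsa AAAAPLACEHOLDER3 sync@build
'''

def split_unquoted(text, seps):
    """Split on separator characters that are not inside double quotes."""
    parts, buf, quoted, escaped = [], [], False, False
    for ch in text:
        if escaped:
            escaped = False
        elif ch == "\\" and quoted:
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch in seps and not quoted:
            if buf:
                parts.append("".join(buf))
            buf = []
            continue
        buf.append(ch)
    if buf:
        parts.append("".join(buf))
    return parts

def audit(text):
    """Return {line_number: [findings]} for every key entry in authorized_keys text."""
    report = {}
    for num, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = split_unquoted(line, " \t")
        opts = {}
        if fields[0] not in KEY_TYPES:  # first field is the option list
            for item in split_unquoted(fields[0], ","):
                name, _, value = item.partition("=")
                opts[name.lower()] = value[1:-1] if value[:1] == '"' else value
        findings = [] if "command" in opts else ["no forced command"]
        if opts.get("from", "*") == "*":  # absent or match-all pattern
            findings.append("no source restriction")
        if "restrict" not in opts:
            findings += [f"missing option {o}" for o in REQUIRED if o not in opts]
        report[num] = findings
    return report
```

Calling `audit(SAMPLE)` returns findings keyed by line number; an empty list means the entry has a forced command, a source restriction and the required options.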
