Safeguard SPP : Fail To check SSH Key.

Dears,

Could you help me please understand what happen when i try to check SSH key in Safeguard SPP as i always get an error message saying this :

"SSH Server on asset Oracle Linux is configured to run the authorized key command none as account 0

Unable to check SSH Key for account "Account1" on asset Oracle due to an error."

I think maybe safeguard service account is unable to use or run the authorizedkeycommand found in the /etc/ssh/sshd_config file :

#AuthorizedKeysCommand none  (i actually don't know what should be placed here in order for safeguard service account to check SSH Key) ??

#AuthorizedKeysCommandUser none (i presume that i need to put the Safeguard Service Account Name here) ??

What should be set in the /etc/ssh/sshd_config in order for Safeguard to check SSH Keys and specially in the AuthorizedKeyCommand fields.

Please note athat i'm able to Set and Change SSH Keys and Passwords Successfully through the same Safeguard Service Account.

I'm working on a Linux asset : Oracle Linux (OL7) Distribution.

Thank you for your help.

  • Hi Ahmed,

    I did as you suggested in your last recommandation :

    Generate and then Install SSH Key work perfectly but Verify don't as the same error came back :

    Queuing task.
    Starting task.
    Checking authorized key for account Account1 on asset Oracle Linux.
    Connecting with asset Oracle Linux (10.0.1.80).
    System login test.
    System login test.
    Checking SSH configuration from file: /etc/ssh/sshd_config.
    Checking configuration for SSH server: OpenSSH_7.4 from configuration file: /etc/ssh/sshd_config.
    Discovering authorized keystore template(s) .ssh/authorized_keys on asset Oracle Linux.
    Discovering authorized key file(s): /home/Account1/.ssh/authorized_keys.
    SSH Server on asset Oracle Linux is configured to run the authorized key command none as account none
    .

  • If you are running the latest version of Safeguard and Desktop client but still see the issue then I would suggest to open a ticket and provide a support bundle to investigate this further via:

    support.oneidentity.com/create-service-request