Remediation Actions

Before you begin:
  • You can access this functionality only if you have the ACF permissions enabled for your role.
  • To perform any of the remediation actions, you must have RW permissions assigned to you.

You can identify and remediate weak, shared, suspicious, and orphan host/user keys from the dashboard to keep the infrastructure secure.

  1. Go to (Menu) icon > SSH+ > Dashboard.
    The Dashboard page is displayed.
  2. On the Risk Report, click Remediation Option against the host/user key category.
    A popup window of the selected host/user key is displayed along with the details of the key name, host endpoints, associated users, and file path.
  3. Click the checkbox against the key(s) you want to remediate.
  4. You can perform one of the following actions:
    1. Rotate: On selecting keys for rotation, a confirmation message appears. On confirming, the rotate operation is triggered via workflow. To check the status and reports, go to Automation > Service Request and select your request from All requests.
      The selected keys are regenerated and pushed to the host endpoints.
      Important:
      Best practices before rotating host keys:
      Note: The following points are applicable when the Enable Global Known hosts option is enabled under (Menu) icon > SSH+ > Administration > Advanced Settings. Enabling this option may have implications for your network.
      1. If the global known host file is not present, then AppViewX will create one in the root folder by including all public keys from users in the global known host file.
      2. Prior to host key rotation, update the global known host file.
      3. The old public key is deleted and the new key is replaced in the global known host file.
      Best practices before rotating user keys:
      Note: The following points are applicable when the Enable Global Authorized keys option is enabled under (Menu) icon > SSH+ > Administration > Advanced Settings. Enabling this option may have implications for your network.
      1. If the global authorized key file is not present, then AppViewX will create one in the root folder for each login user with privileged user permission.
      2. Prior to user key rotation, update the global authorized key file.
      3. The old public key is deleted and the new key is replaced in the global authorized key file.
    2. Delete: On selecting keys for deletion from endpoint, a confirmation message appears. On confirming, the delete operation is triggered via workflow. To check the status and reports, go to Automation > Service Request and select your request from All requests. The selected keys are deleted from the host endpoints and the key inventory.
    3. Acknowledge: The selected keys are acknowledged and excluded from the risk report for the duration specified in the associated key policy. The keys, however, continue to be present in the key inventory.
    Selecting any of the actions opens a confirmation window.
  5. Click Confirm to proceed.