Viewing User/Host Key Inventory
The User/Host Keys tab displays the total number of weak, shared, orphan, and suspicious keys in the key discovery status. Click the number hyperlink to drill down on the metrics. This helps you track the progress of the key discovery efforts, identify any potential security risks, and prioritize the remediation actions.
- Go to (Menu) icon > SSH+ > Inventory > Key Inventory.
- Select User Key Inventory or Host Key Inventory. The SSH+::User Key page is displayed.
Table 1. Field Description in User/Host Key Inventory

Field: Description

Key name: Displays the auto-generated unique name created for the key.

Certificate Count: Displays the number of certificates associated with the key. Click the hyperlink to see a popup window with the following fields:
- Principals: Principals contain the identities associated with a certificate. A principal can be a host or a username associated with the certificate.
- CA name: Displays the CA name associated with the key.
- Serial Number: Displays the serial number of the key.
- Certificate Status: Displays the certificate status of the key.
- Valid From: Displays the start date of the key validity.
- Valid To: Displays the end date of the key validity.
- Expires In: Displays how long before the key expires.
- Extensions: Displays the extensions of the key.

Key Compliance Group/Host Compliance Group: Displays the name of the group associated with the key. The key/host compliance group can have one of the following labels based on your ACL permissions:
- R denotes that you have Read permission to the key/host compliance group. No hyperlink is available to request access to the key/host compliance group, but you can view the logs.
- RW denotes that you have Read-Write permission to the key/host compliance group, along with hyperlinks to request access to the key/host compliance group. You can modify and delete the key/host compliance groups, and view the logs.
- If you do not have either R or RW permission, then you will not be able to view the key/host compliance group.

Encryption: This field is applicable only for the user key. Displays the encryption type of the key.

Length: Displays the bit-length of the key.

Age: Displays the age of the key. For example, if the key was created 5 days earlier, it displays as 5 Days.

Client Endpoint(s): Displays the count of client machines associated with the key. You can view the list of the hosts associated with the key as a client machine.

Host Endpoint(s): Displays the count of host machines associated with the key. You can view the list of the hosts associated with the key as a host machine.

Risk Status: Displays the status of the key as weak, shared, orphan, or suspicious.

Status: Displays the status of the key. The statuses are:
- Managed
- Monitored

Associated Users: This field is applicable only for the user key inventory. Displays the users associated with the key.

File Path(s): Displays where the key file is located on the host.

Comment: Displays any comments with regard to the key.

Validity: Displays the validity of the key.

Fingerprint: Displays the fingerprint of the key.