Reference Guide
...
SSH Proxy
SSH Proxy Connections
Global Username/Password Connection
Privileged users (such as root, superuser, etc.) in the target device are called Global Users. To establish an SSH connection using these accounts, and to make the global user password invisible to local users, the configuration outlined below must be in place, allowing Kron PAM to store the global user credentials to be used for the connection in its database.
- Navigate to Devices> Inventory.
- Click the device group and select the Show Properties option.
- Click the Edit button.
- Under Direct Credential set the username.
- Set the password.
Direct Credential
When connecting to a device with a Direct Credentials, priority rules are applied:
- Priority: If there is a defined Vault account, the Vault password or the rotated SSH Key is used for the GlobalUser authentication.
- Second priority: If the Vault account is not defined, the global SSH Key connects to the device.
- If these two options are not defined in the device properties, the Direct Credential Password connects to the device. The Direct Credential Password has the least priority.
- If the device requests both the SSH Key and password for authentication, the Vault account password is used as priority, and the Direct Credential Password is used as second priority.