I searched the forums here but the closest I could find was here and this isn't the scenario I want to ask about:
What I'm wondering is if it's possible to:
- have an SSH private/public keypair... where:
- the user doesn't have access to see their private key (they can use it via RoyalTS/gateway, but can't view or copy it)
- no one else can use/access their key
- the keypair will have a passphrase and this will be a saved credential (with a specified name so it works for everyone to just save their own passphrase in this credential)
Basically looking for an easy way to revoke a key when needed. If the user leaves the company for example. We'd have to immediately remove their public key from all SSH authorized_hosts files.
But if they no longer have access to RoyalTS Gateway (where we'd somehow store their private key) AND we delete it from there, this would be an easier way to revoke it.
So is there some way to store user's keys securely (on the gateway or some other place) where RoyalTS can access only that user's key and no one else's, AND the user themself can't even see the private key?
we do have a feature called lockdown documents (see: https://content.royalapplications.com/Help/RoyalTS/V5/index.html?tutorials_workingwithlockdowndocument.htm) but I'm not sure if this will work in this particular scenario. Maybe you can have a look and try it.