Overview
This article explains how to configure, assign, and manage user accounts that JetPatch Manager uses to authenticate with endpoints. You'll learn how to add accounts with administrative permissions and assign them to machines for automated management tasks.
Once JetPatch Manager is able to connect to endpoints, it needs to be able to log into them to manage their management stacks. For this, it needs user accounts with administrative permissions over the endpoints.
You need to provide one or more user accounts, and then assign an account to each machine.
The provided accounts remain available for assignment to future endpoints; you can change an account's password, and the new password will then be automatically used for all endpoints to which the account is assigned.
If you try to perform an endpoint action from the Console, and JetPatch Manager doesn't have an account for the endpoint, you'll be prompted to assign one.
For unattended endpoint actions (REST API actions and policy-based provisioning) on endpoints that don't already have assigned accounts, you can configure a policy for default accounts.
Providing Endpoint User Accounts
To provide endpoint user accounts:
1. Log in as an Administrator, and go to Settings > Server Accounts.
2. Click Edit Credentials.
3. For each user account, configure the account:
   - Account Type: Whether it should be used for Windows machines or for Linux machines. An additional AWS Windows type is available for convenient access to AWS-native Windows instances.
   - Account name: A descriptive label for the account.
   - Username and Password: Local or domain-based user details.
     - For Windows domain accounts: Either the username@domain or domain\username convention. For Windows local accounts, it is possible to simply type the username. However, some Windows configurations may require a domain syntax even for local users, so it is recommended to use .\username for local users.
     - For Linux accounts: Either the root user or a different user with sudo permission can be used. If using a user with sudo permission, the sudoer definition for this user must not require password re-entry when running the sudo command. This can be achieved by adding the following line to the sudo configuration (assuming the user name is myuser):
       myuser ALL=(ALL) NOPASSWD: ALL
   - Private Key and Private Key Passphrase: For Linux and AWS Windows account types, you can select to use an SSH private key instead of a password, in which case you can then upload an OpenSSH private key file and optionally provide its passphrase.
     For Microsoft Windows instances launched in AWS, if you wish to use the random administrator password generated by AWS, choose 'AWS Windows' account type and upload the SSH private key associated with your AWS Windows instances.
     JetPatch Agent Manager will ask AWS for an encrypted copy of the random administrator password for each AWS Windows server, and then use the private key to temporarily decrypt this password to access each instance.
     For AWS Linux instances:
     Please note that different operating system images in AWS may use a different username even when sharing the same private key, and so multiple access accounts need to be defined for them.
     For example, while Red Hat Enterprise Linux instances typically use the ec2-user username, Ubuntu instances tend to use the ubuntu username, and SuSE Linux instances use root as the username.
     Refer to the AMI details page in AWS for info on the username used with any AMI.
     - JetPatch currently supports private keys in plain and encrypted PEM and PKCS8 formats.
     - Supported key files start with one of the following prefixes: BEGIN RSA PRIVATE KEY, BEGIN ENCRYPTED PRIVATE KEY, or BEGIN RSA PRIVATE KEY.
     - Currently, key files in the new OpenSSH format, i.e., files that start with BEGIN OPENSSH PRIVATE KEY, are not supported.
4. Click OK.
5. Click Close.
To disable an account (for example, before changing a password, to avoid the account being locked due to repetitive login failures), click
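The key-format rules in step 3 can be checked before a key file is uploaded. The following script is an added example, not JetPatch code: it classifies a file by its first line using only the header strings this article names, and also reports whether the key is passphrase-protected. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a private key file by its first line before upload.
# Header strings are the ones the article names; sample files are constructed.

# Prints: supported | supported-needs-passphrase | unsupported-openssh | unlisted
classify_key() {
    header=$(head -n 1 "$1" | tr -d '\r')   # tolerate CRLF line endings
    case "$header" in
        "-----BEGIN RSA PRIVATE KEY-----")
            # Traditional PEM flags encryption with a Proc-Type header line.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
                echo "supported-needs-passphrase"
            else
                echo "supported"
            fi ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----")
            echo "supported-needs-passphrase" ;;   # encrypted PKCS8
        "-----BEGIN OPENSSH PRIVATE KEY-----")
            echo "unsupported-openssh" ;;          # listed as not supported
        *)
            echo "unlisted" ;;                     # not named in the article
    esac
}

# Writes constructed sample files (placeholder bodies, no real key material)
# into a fresh temporary directory and prints the directory path.
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$dir/plain_rsa.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-128-CBC,00000000000000000000000000000000' '' \
        'Q09OU1RSVUNURUQ=' '-----END RSA PRIVATE KEY-----' > "$dir/enc_rsa.pem"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$dir/enc_pkcs8.pem"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END OPENSSH PRIVATE KEY-----' > "$dir/openssh.key"
    echo "$dir"
}

samples=$(make_samples)
for f in "$samples"/*; do
    printf '%s: %s\n' "$(basename "$f")" "$(classify_key "$f")"
done
rm -rf "$samples"
```

An RSA key reported as unsupported-openssh can be rewritten in PEM form by running ssh-keygen -p -m PEM -f on a copy of the file; this is standard OpenSSH behaviour and is not described in the article.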
Assigning Endpoint Accounts (manually)
Once you've provided user accounts, you need to assign them to endpoints.
To assign a user account to one or more endpoints:
- In the Servers tab, select the relevant machines. Make sure all selected machines are of the same OS (Windows or Linux).
- Go to Server Actions > Assign Account, and select the relevant account. If there are many configured accounts, you can search:
To confirm the assigned account, go to Table Settings (right side) and enable the "Assigned Account" column.
Assigning Endpoint Accounts (automatically)
- Access - Here