1. Asset Account Management
Asset account management covers the management of JumpServer's asset accounts, including viewing accounts, account templates, account push, account collection, account password changes, account backup and so on.
1.1 Account List
In the account list, the administrator can view the account information of all assets that are managed in the system.
Click View to view the account and password of the corresponding asset (the current user needs to enable MFA secondary authentication in advance).
To query the accounts under a particular asset, go to the asset list, open the asset details page, and select the account list.
1.2 Account Template
Create an account template in advance. When creating different assets, you can then quickly add the same account through the account template instead of re-creating it each time, which can greatly improve the administrator's operation and maintenance efficiency.
When creating an asset, you can quickly bind the account to the asset by adding a template.
In the account list, you can bind template accounts to assets in batches.
If you need to update the password of the template account, you can modify it directly in the template and synchronize it to the asset.
1.3 Account Push
The account push task helps administrators quickly create a batch of accounts on assets (account push requires a privileged account to exist on the corresponding asset).
After the task is created, click Execute.
In asset authorization, when specifying accounts, select a template to add. Any account that does not exist under the asset is automatically created and pushed (account push requires a privileged account to exist on the corresponding asset).
1.4 Account Collection
The account collection task can quickly collect existing and logged-in accounts on the asset and synchronize them to the bastion host.
Create an account collection task, select the assets or nodes from which accounts should be collected, and enable or disable the task based on actual needs (account collection requires a privileged account to exist on the corresponding asset).
Create a task, submit it and execute it. You can view the collected account information in the "Account Collection" module, and view the account collection task execution history in the execution list.
Select the corresponding account and click "Synchronize" to synchronize the account to the corresponding asset. Click "Synchronize and Delete" to delete the account on the bastion host and asset.
2. Account password change function and password change plan
Through account password change, administrators can change the passwords of asset accounts regularly and in batches. This automates password changes, meets the requirements of the system password security policy, reduces workload and improves work efficiency.
2.1 Create a password change task
Create a password change task on the Account Password Change page. In the password change task, manually enter the account whose password needs to be changed and press Enter. Select the corresponding asset or node, configure the password policy, specify or randomly generate passwords and keys, and enable or disable regular execution of the task based on actual needs.
Changing the password of an account requires a privileged account for the corresponding asset.
By default, the passwords of the privileged accounts "root, administrator" are not allowed to be modified. To allow these privileged account passwords to be modified, add the configuration parameter "CHANGE_AUTH_PLAN_SECURE_MODE_ENABLED=false" and restart the bastion host for the change to take effect.
2.2 Execute the password change task
In the password change list, manually execute the password change plan.
2.3 View the execution record of the account password change task
In the details of the execution list, you can view the execution results of the password change task and the new original key.
3. Account backup and export function
The account backup function helps administrators back up account information on a regular schedule and send it as a file to the administrator's email or to an SFTP server.
3.1 Create an account backup task
In the account backup task, select the account type to be backed up, the backup type, and the backup recipient. Enable or disable periodic execution of the task based on actual needs.
Note:
The backup recipient needs to set the "file encryption password" in advance.
If you use email to receive backup files, the mail server needs to be configured in advance.
The backup recipient's user mailbox needs to be configured correctly.
3.2 Export asset account
In the account list under account management, you can export asset accounts to files and view them directly.