What are the differences between the password management options, namely Automatic, Keep given password, and Keep server password, when adding or editing a target server?

Synopsis: This article will provide a better understanding of how password management works and explain various options such as automatic, keep server password, keep given password, and OTP.

1. Keep server password:

This option allows the gateway user to add the target server into the Ezeelogin system without confirming whether the entered password is correct. If an incorrect password is provided, the target server will still be added, but gateway user will not be able to log in to the target server via the SSH gateway.

This option is typically chosen when user do not know the current password set on the target server but do not want to change it to add the system into the SSH gateway. We recommend copying the Servers -> Global Key into the target server's /root/.ssh/authorized_keys file to enable login to the target server via SSH in the Ezeelogin shell (ezsh).

2. Automatic:

This option allows the gateway user to add the target server, after which the password is automatically reset to a new one. The password entered in the target server add form is used to log in and verify that it works before the target server is added to the system. Once verified, a new password is auto-generated and set for the added target server. We recommend this option for optimal security, as it enables automatic password resets with a single click.

3. Keep given password:

This option allows the gateway user to preserve the current password set on the server, ensuring that it will not be changed on the target server during an automatic password reset across all target servers. The password entered in the server add form is used to log in and verify its validity. The target server is added only if the login succeeds with the given password.

4. One time password:

This option allows the gateway user to enter the corresponding one-time password at the password prompt. This is useful when you have servers with OTP authentication that require manual entry of random codes.