If you are adding Check Point Gaia systems, you must install and start the SSH server on the target system before you can connect using Privileged Access Service. You can add a user name and password for an account to be used to access the system using a secure shell session when adding the system or at a later time.
For any account you add, you can choose whether you want the Privileged Access Service to manage the account password. If you select Manage this credential, the Privileged Access Service automatically changes the password immediately after the account and system are added and each time the account is checked in.
If you select Manage this credential, keep in mind that the Privileged Access Service can only manage passwords for privileged user accounts that have sufficient rights to configure and save settings. In addition, if there are any pending changes for other user accounts, those changes will be saved when the Privileged Access Service updates a managed password.
However, if a user or a session selects the configuration lock or runs the command to unlock the system database to make configuration changes, the Privileged Access Service will not rotate or update any passwords until the lock is restored. By default, this might result in a password update being delayed by up to five minutes. You should also avoid setting the configuration lock by running the lock database override command because it could result in a password change not being saved until the next time the system is rebooted, which will lock the managed account and prevent it from being used.
If you must take over a managed account to make configuration changes, you should use the less forceful lock database command to prevent the Privileged Access Service from attempting to rotate or change a managed password before making your changes.
For more information about password and system management for Check Point Gaia systems, see the following topics: