7 Replies Latest reply on Apr 19, 2018 1:03 AM by Andrew Waters

    Appliance SSH keys for Unix discovery

      I have found the link BMC Atrium Discovery Community | ADDM 9.0 | Using SSH keys referring to the keys, but can't seem to find instructions to generate the keys.

      Can someone send me down the right path?

       

      Thank you in advance

       

      Roger

        • 1. Re: Appliance SSH keys for Unix discovery
          Kerryn Wood

          Hi Roger,

           

          These keys are for SSH key exchange. You'll need to upload the public keys found on the remote server.

           

          Generation and location of these keys depend on the operating system and the options used during generation; this is a configuration consideration for the remote system, not ADDM, and it is not appropriate for us to document these processes.

           

          The keys (if they don't exist from the installation process) are normally generated by running the command `ssh-keygen` as the user you're creating the keys for. For example, if you choose to generate keys using DSA, the process will generate 2 files, id_dsa and id_dsa.pub, in the ~/.ssh directory (that's a tilde if not drawn correctly). The .pub file, meaning the public key, is the file you would upload to ADDM so that ADDM can automatically connect without a password.

           

          A quick search found this link which describes the process in a little more detail: https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2

           

          For more information I'd check the administration manuals of the operating system for the targets. I think ssh-keygen pretty much works on most systems.

           

          HTH.

          1 of 1 people found this helpful
          • 2. Re: Appliance SSH keys for Unix discovery
            Chris Cox

            Most systems I've interacted with use the OpenSSH version of SSH. These are all pretty much the same regardless of the Linux / Unix package.

            There are numerous links online for setting up passwordless SSH authentication. The command you need to run is ssh-keygen.

            ex:

                 ssh-keygen -t rsa

             

            This link, SSH/OpenSSH/Keys - Community Help Wiki, is a good tutorial and has solid information. There are others out there that just give a "run these commands" approach. The single most important thing to understand is to protect your private key and set a strong passphrase.

            1 of 1 people found this helpful
            • 3. Re: Appliance SSH keys for Unix discovery
              Andrew Waters

              This is not quite right.

               

              You upload the private key to ADDM and put the public key in ~/.ssh/authorized_keys on the remote system you want to log onto.

              2 of 2 people found this helpful
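
The key placement described in reply 3, with the passphrase advice from reply 2, as an added example that is not part of the thread or of BMC's documentation. The file name `disco_key`, the scratch paths and the passphrase are constructed; the final function checks that the private key you are about to upload really corresponds to an entry in the target's `authorized_keys`.

```shell
#!/usr/bin/env bash
# Added example. File names, paths and the passphrase are constructed.

# Create a passphrase-protected RSA key pair under $1 (disco_key / disco_key.pub).
# Interactively, omit -N so ssh-keygen prompts and the passphrase never
# appears in the process list or shell history.
make_keypair() {
    mkdir -p "$1" && chmod 700 "$1"
    ssh-keygen -q -t rsa -b 3072 -N "$2" -C "discovery-appliance" -f "$1/disco_key"
}

# Append public key file $2 to authorized_keys under home directory $1,
# with the permissions sshd's StrictModes check expects. Idempotent.
install_pubkey() {
    mkdir -p "$1/.ssh" && chmod 700 "$1/.ssh"
    touch "$1/.ssh/authorized_keys" && chmod 600 "$1/.ssh/authorized_keys"
    grep -qxF "$(cat "$2")" "$1/.ssh/authorized_keys" || cat "$2" >> "$1/.ssh/authorized_keys"
}

# Succeed only if private key $1 (passphrase $2) corresponds to an entry in
# authorized_keys file $3, by comparing SHA256 fingerprints.
key_is_authorized() {
    fp=$(ssh-keygen -y -P "$2" -f "$1" 2>/dev/null | ssh-keygen -l -f - 2>/dev/null | awk '{print $2}')
    [ -n "$fp" ] || return 1
    ssh-keygen -l -f "$3" | awk '{print $2}' | grep -qxF "$fp"
}

# Demo in a scratch directory standing in for both machines.
demo=$(mktemp -d)
make_keypair "$demo/appliance" "constructed-passphrase"
install_pubkey "$demo/target_home" "$demo/appliance/disco_key.pub"
key_is_authorized "$demo/appliance/disco_key" "constructed-passphrase" \
    "$demo/target_home/.ssh/authorized_keys" && echo "private key matches an authorized_keys entry"
```

On a real target, `install_pubkey` would be run as the discovery account with `$HOME` as the first argument, and only `disco_key` (never `disco_key.pub` alone) is what the appliance needs.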
              • 4. Re: Appliance SSH keys for Unix discovery
                A B

                Hi Andrew,

                Currently, we have BMC Discovery 11.1.0.2 and were trying to discover an ADDM appliance using an SSH key.

                I have generated a public/private key pair using DSA and have stored the content of the public key in ~/.ssh/authorized_keys, but while uploading the private key and passphrase to ADDM it is enforced to add a username and password as well for the server. I could see that to execute some privileged commands we need a username and password.

                 

                But my concern is that SSH keys provide a more secure way of logging into a server with SSH than using a password alone, because passwords can be cracked. Then why is it enforced to use a username and password? Why can't we use only the SSH key for discovering basic information about the server? Anyhow, the username and password work as a fallback method for the SSH key and are required only to execute privileged commands.

                 

                Thanks in advance !!

                • 5. Re: Appliance SSH keys for Unix discovery
                  Andrew Waters

                  While it will force you to have a username, if you untick the password then it should not force you to have a password.

                   

                  The reason why you may want one is if you are sshing with a key using a non-privileged account and set up PRIV functions to use sudo. Then the system gets asked for a username and password.

                  1 of 1 people found this helpful
                  • 6. Re: Appliance SSH keys for Unix discovery
                    A B

                    I tried a couple of times: I uploaded the SSH private key, entered the passphrase, selected SSH authentication as Key only, unticked the password field for authentication and then clicked Apply. As soon as I clicked Apply, the next page threw an error: Value is missing for username

                    • 7. Re: Appliance SSH keys for Unix discovery
                      Andrew Waters

                      As I said in my previous comment, it requires the username.

                      1 of 1 people found this helpful