-
1. Re: Appliance SSH keys for Unix discovery
Kerryn Wood Mar 12, 2015 8:52 AM (in response to Roger Bayne)
1 of 1 people found this helpful
Hi Roger,
These keys are for SSH key exchange. You'll need to upload the public keys found on the remote server.
The generation and location of these keys depend on the operating system and the options used during generation. This is a configuration consideration for the remote system, not ADDM, and it is not appropriate for us to document these processes.
The keys (if they don't exist from the installation process) are normally generated by running the command `ssh-keygen` as the user you're creating the keys for. For example, if you choose to generate keys using DSA, the process will generate 2 files, id_dsa and id_dsa.pub, in the ~/.ssh directory (that's a tilde if not drawn correctly). The .pub file, meaning the public key, is the file you would upload to ADDM so that ADDM can automatically connect without a password.
A quick search found this link which describes the process in a little more detail: https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
For more information I'd check the administration manuals of the operating system for the targets. I think ssh-keygen pretty much works on most systems.
HTH.
-
2. Re: Appliance SSH keys for Unix discovery
Chris Cox Mar 12, 2015 8:59 AM (in response to Roger Bayne)
1 of 1 people found this helpful
Most systems I've interacted with use the OpenSSH version of ssh. These are all pretty much the same regardless of the Linux/Unix package.
There are numerous links online for setting up passwordless SSH authentication. The command you need to run is ssh-keygen.
Ex:
`ssh-keygen -t rsa`
This link, SSH/OpenSSH/Keys - Community Help Wiki, is a good tutorial and has solid information. There are others out there that just give a "run these commands" approach. The single most important thing to understand is to protect your private key and set a strong passphrase.
-
3. Re: Appliance SSH keys for Unix discovery
Andrew Waters Mar 13, 2015 2:03 AM (in response to Kerryn Wood)
2 of 2 people found this helpful
This is not quite right.
You upload the private key to ADDM and put the public key in ~/.ssh/authorized_keys on the remote system you want to log onto.
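Added example, not part of any post in this thread and not BMC or OpenSSH code: a pre-upload check that tells the two halves of a key pair apart, flags the wrong half for each destination, and reports a private key with no passphrase. The function names and the `appliance` / `authorized_keys` destination labels are hypothetical, and the sample keys are constructed placeholders.

```python
import base64
import struct

PUBLIC_PREFIXES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")
MAGIC = b"openssh-key-v1\0"

def classify_key(text):
    """Return (kind, protected): kind is 'private', 'public' or 'unknown'."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if not lines:
        return ("unknown", None)
    first = lines[0]
    if first.startswith("-----BEGIN ") and first.endswith("PRIVATE KEY-----"):
        label, body = first[11:-5], lines[1:-1]
        if label != "OPENSSH PRIVATE KEY":
            # Legacy PEM / PKCS#8: encryption is declared in the label or headers.
            enc = label.startswith("ENCRYPTED") or any(
                l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in body)
            return ("private", enc)
        try:  # New format: the cipher name follows the magic; "none" = no passphrase.
            blob = base64.b64decode("".join(body))
            (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
            cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        except (ValueError, struct.error):
            return ("unknown", None)
        return ("private", cipher != b"none") if blob.startswith(MAGIC) else ("unknown", None)
    # Public key / authorized_keys line: [options] keytype base64 [comment]
    if any(f.startswith(PUBLIC_PREFIXES) for f in first.split()[:-1]):
        return ("public", None)
    return ("unknown", None)

def placement_problems(destination, text):
    """destination is 'appliance' (credential upload) or 'authorized_keys'."""
    expected = {"appliance": "private", "authorized_keys": "public"}[destination]
    kind, protected = classify_key(text)
    problems = []
    if kind != expected:
        problems.append(f"{destination} expects the {expected} key, got {kind}")
    if kind == "private" and protected is False:
        problems.append("private key has no passphrase")
    return problems

def sample_openssh_private(cipher):
    """Constructed header-only sample (not a usable key) for trying the check."""
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher.encode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")
SAMPLE_PUBLIC = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB discovery@example"  # constructed
```

Calling `placement_problems("appliance", open(path).read())` on the file about to be uploaded returns an empty list when it is a passphrase-protected private key.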
-
4. Re: Appliance SSH keys for Unix discovery
A B Apr 17, 2018 7:02 AM (in response to Andrew Waters)
Hi Andrew,
Currently, we have BMC Discovery 11.1.0.2 and were trying to discover an ADDM appliance using an SSH key.
I have generated a public/private key pair using DSA and have stored the content of the public key in ~/.ssh/authorized_keys, but while uploading the private key and passphrase to ADDM, it is enforced to add a username and password as well for the server. I could see that to execute some privileged commands we need a username and password.
But my concern is that SSH keys provide a more secure way of logging into a server with SSH than using a password alone, because passwords can be cracked. Then why is it enforced to use a username and password? Why can't we use only an SSH key for discovering basic information about the server? Anyhow, the username and password work as a fallback method for the SSH key and are required only to execute privileged commands.
Thanks in advance!!
-
5. Re: Appliance SSH keys for Unix discovery
Andrew Waters Apr 17, 2018 8:11 AM (in response to A B)
1 of 1 people found this helpful
While it will force you to have a username, if you untick the password then it should not force you to have a password.
The reason why you may want one is if you are sshing with a key using a non-privileged account and set up PRIV functions to use sudo. Then the system gets asked for a username and password.
-
6. Re: Appliance SSH keys for Unix discovery
A B Apr 19, 2018 12:49 AM (in response to Andrew Waters)
I tried a couple of times: I uploaded the SSH private key, put in the passphrase, selected SSH authentication as Key only, unticked the password field for authentication, and then clicked Apply. As soon as I clicked Apply, the next page threw an error: Value is missing for username
-
7. Re: Appliance SSH keys for Unix discovery
Andrew Waters Apr 19, 2018 1:03 AM (in response to A B)
1 of 1 people found this helpful
As I said in my previous comment, it requires the username.