Discovery Credentials: SSH Private Key

chadlockwood

Currently, Discovery is configured to use a local account username and password for SSH to our Macs. Discovery is successful with this configuration, however, it is not the most secure option. We are attempting to use an SSH Private Key type credential for discovery of our Mac machines without success.

I have tried generating a key pair on the Mac and entering the private key data into the Credentials form.

I have tried generating a key pair on the MID server, adding the public key to the ~/.ssh/authorized_keys file on the Mac, and entering the MID server private key data into the Credentials form. Neither of these was successful.

I was able to successfully SSH from the MID server to the Mac using Putty, after copying the MID server public key to the Mac.

Is anyone using the SSH Private Key to successfully Discover Unix-based machines, that could help with configuration?

Regards,

Chad Lockwood

1 ACCEPTED SOLUTION

chadlockwood

The following process worked in my environment. You will need a service account on your endpoints and a public/private key pair for each of your MID servers before you can configure the SSH Private Key credential in ServiceNow:


  1. Service Account
    1. Set up a service account on your endpoint that has administrative privileges
    2. Use a central management tool or sneakernet/intern-net to push the service account to all endpoints
  2. Create the public/private key pair on the MID server
    1. If your MID server is running on a Windows machine, use PuTTYgen to generate your key pair. This is a great link for setting up PuTTY
    2. If your MID server is running on Linux/Unix, look at using ssh-keygen to generate your key pair
  3. Copy your MID server public key to your endpoints
    1. The public key will need to be saved in $HOME/.ssh/authorized_keys for your service account
  4. Create a new credential record in ServiceNow
    1. ServiceNow only supports PEM file private keys. Using PuTTYgen, follow these directions to convert your private key to PEM
    2. ServiceNow > Credentials > New
      1. Name: Enter a descriptive name
      2. Type: SSH Private Key
      3. User name: username of the service account on the endpoint
      4. SSH passphrase: the passphrase used to generate the public/private key pair on the MID server
      5. SSH private key: copy the entire contents of the PEM file private key from your MID server
      6. Applies to: Specific MID servers
      7. MID servers: select the MID server that this key pair was generated on
      8. Click Save
  5. You will need to repeat this process for all MID servers used in Discovery

Starting with Dublin, you can add a sudo password, if required. We are on Calgary so that field is not available to us. This would defeat the purpose of using the key pair for my requirements so we are not likely to use it after we upgrade. The alternative would be to use the NOPASSWD option. Hope this helps.
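The same procedure as a shell script, added here as an example and not code from the post or from ServiceNow. The key file name, the service account svc_discovery, the endpoint mac01, the MID server address 10.0.0.5 and the from= restriction on the authorized_keys entry are assumptions; the PEM-format check is the part the credential form actually depends on.

```shell
# Added example (not from the thread): prepare and validate a MID server key pair
# for a ServiceNow "SSH Private Key" credential. Names below are assumptions.
set -eu

# Step 2: generate the pair on the MID server. ServiceNow accepts only PEM
# private keys, and newer ssh-keygen defaults to the OpenSSH-native container,
# so -m PEM is what makes the PuTTYgen conversion unnecessary on Linux.
generate_mid_keypair() {
  keyfile="$1"; passphrase="$2"
  ssh-keygen -q -t rsa -b 4096 -m PEM -N "$passphrase" \
    -C "servicenow-mid-discovery" -f "$keyfile"
}

# Step 4.1 check: classify the private key container by its first line.
# Prints "pem" (accepted by the form), "openssh" (needs conversion) or "unknown".
private_key_format() {
  first=$(head -n 1 "$1")
  case "$first" in
    "-----BEGIN RSA PRIVATE KEY-----") echo pem ;;
    "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
    *) echo unknown ;;
  esac
}

# Step 3: build the authorized_keys entry for the service account. The from=
# option is an added hardening assumption: the key only works from the MID
# server's address, so a copied private key alone does not grant a login.
authorized_keys_line() {
  pubkey_file="$1"; mid_ip="$2"
  printf 'from="%s" %s\n' "$mid_ip" "$(cat "$pubkey_file")"
}

# Append the entry on the endpoint with the modes sshd's StrictModes requires
# (~/.ssh 700, authorized_keys 600); wrong modes make key auth fail silently.
install_public_key() {
  user="$1"; host="$2"; line="$3"
  printf '%s\n' "$line" | ssh "$user@$host" \
    'umask 077; mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys; chmod 600 ~/.ssh/authorized_keys'
}

# The poster's PuTTY test, non-interactive: key only, no password fallback,
# so a passing run proves the credential will authenticate as Discovery does.
verify_key_login() {
  ssh -i "$1" -o BatchMode=yes -o PasswordAuthentication=no \
    -o StrictHostKeyChecking=accept-new "$2@$3" true
}

if [ "${1:-}" = "run" ]; then  # run with: MID_KEY_PASSPHRASE=... sh mid_key.sh run
  generate_mid_keypair ./mid_discovery_key "$MID_KEY_PASSPHRASE"
  [ "$(private_key_format ./mid_discovery_key)" = pem ] || exit 1
  install_public_key svc_discovery mac01 "$(authorized_keys_line ./mid_discovery_key.pub 10.0.0.5)"
  verify_key_login ./mid_discovery_key svc_discovery mac01
fi
```

The contents of ./mid_discovery_key then go into the "SSH private key" field and the passphrase into "SSH passphrase", one credential record per MID server, as step 5 says.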



Snehal13

Hello All,

Seems that some of you got it working. I have a similar problem at hand -

I am trying to upload a CSV file from the attachment table to a remote server using private key authentication, but I get an authentication failed error as "Adding target to blacklist, No valid credential found for type [SSH Password. SS Private Key]"

I have the MID server user and the key in the same domain, and the MID is up and running. The server endpoint, username and key are all valid. Instance certificates are good too.

What could be wrong? The error log gives no more details of the issue.