How many times does Discovery try to authenticate a device via SSH?

Rick54
Tera Expert

Hello,

We recently came across an issue where Discovery attempted SSH authentication (this happens when port 22 is open) on a network device, which took down all other dependent network devices and created an outage because Discovery tried SSH more than 10 times. I am wondering how many times Discovery tries to authenticate to a device when the credentials are not working?

Thanks!

1 ACCEPTED SOLUTION

It tries all your valid credentials - so if you have 1 valid SSH account - then once. If you have 10 accounts, then 10 times. So look at your credential table and look to see how you set up your credentials.

7 REPLIES

Once you have IP Affinity set it will try the one which was last used as CREDS.

For those N/W devices you can have a dedicated schedule and you can use CREDS ALIAS for that given schedule so that it only TRIES the CREDS associated with given Alias.

Regards

RP

Rick54
Tera Expert

I thought the same credential was going to be tried multiple times on the same IP at that moment. Thanks for confirming that.

Vivektietsood
Tera Guru

You can exclude the IP of that network device by creating an entry in discovery_range_item_exclude.

In addition, you should try to talk to your network admins. Usually there is a policy set where, if a login attempt is made after X number of attempts, further attempts are blocked. This is very important for denial-of-service type attacks and should be in place for every device.

Order credentials in proper order:

Credentials can be assigned an order value in the Credentials Form, which forces the application to try all the credentials at their disposal in a certain sequence. If you do not specify an order value, the application tries the credentials in the Credentials [discovery_credential] table randomly, until it finds one that works.

Ordering credentials is useful in the following situations:

  • The credentials table contains many credentials, with some used more frequently than others. For example, the table contains 150 SSH credentials, and five of those credentials are used to log in to 90% of the devices. It is good practice to configure those five credentials with low-order numbers, which place them at the top of the execution list. Discovery and Orchestration work faster when they try these common credentials first. After the first successful connection, the Now Platform knows which credentials to use the next time for each device.
  • The Now Platform has aggressive login security. For example, configure database credentials with a low-order value if Solaris database servers in the network only provide three failed login attempts before locking out the MID Server.

https://docs.servicenow.com/bundle/rome-servicenow-platform/page/product/credentials/reference/crede...

Please like or comment if this helps.
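
An added example, not part of the thread or of ServiceNow's code: a pre-flight check that bounds how many failed SSH logins one device can see in a single Discovery run and compares that to the device's lockout threshold. The rows and field names are constructed stand-ins for a credential table export, and it assumes ordered credentials are tried before unordered ones.

```python
# Constructed sample rows; field names are assumptions for this sketch,
# not the real column names of the credentials table.
CREDS = [
    {"name": "net-admin",  "type": "ssh",  "order": 10,   "active": True,  "alias": "network"},
    {"name": "linux-svc",  "type": "ssh",  "order": 20,   "active": True,  "alias": None},
    {"name": "unix-ops",   "type": "ssh",  "order": 30,   "active": True,  "alias": None},
    {"name": "legacy-ssh", "type": "ssh",  "order": None, "active": True,  "alias": None},
    {"name": "old-root",   "type": "ssh",  "order": None, "active": False, "alias": None},
    {"name": "db-oracle",  "type": "jdbc", "order": 5,    "active": True,  "alias": None},
]

def candidates(creds, ctype="ssh", alias=None):
    """Active credentials of one type; with an alias, only those tied to it."""
    pool = [c for c in creds if c["active"] and c["type"] == ctype]
    if alias is not None:
        pool = [c for c in pool if c["alias"] == alias]
    return pool

def worst_case_failures(creds, working=None, ctype="ssh", alias=None):
    """Upper bound on failed logins a device sees in one run.

    working=None models a device on which no credential works, so every
    candidate is tried and fails (the outage case in the question).
    """
    pool = candidates(creds, ctype, alias)
    if working is None:
        return len(pool)
    target = next(c for c in pool if c["name"] == working)
    if target["order"] is None:
        # Unordered credentials are tried randomly: all others may go first.
        return len(pool) - 1
    # Assumption: ordered credentials run before unordered ones; a tie in
    # order value is counted as "tried first" to stay on the safe side.
    return sum(1 for c in pool if c is not target
               and c["order"] is not None and c["order"] <= target["order"])

def lockout_risks(creds, threshold, ctype="ssh", alias=None):
    """Working credentials whose devices could reach the lockout threshold
    before the successful login, plus a marker for devices with none."""
    pool = candidates(creds, ctype, alias)
    risky = [c["name"] for c in pool
             if worst_case_failures(creds, c["name"], ctype, alias) >= threshold]
    if len(pool) >= threshold:
        risky.append("<no working credential>")
    return risky

if __name__ == "__main__":
    print("threshold 3, all SSH creds:", lockout_risks(CREDS, 3))
    print("threshold 3, alias 'network':", lockout_risks(CREDS, 3, alias="network"))
```

With the sample rows, restricting the schedule to the `network` alias drops the worst case from four failed attempts to one, which is the effect the alias suggestion above is after.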