.pem key credentials Discovery

H3ll0 Th3r3 · ‎12-21-2018

Hi Everyone 🙂

I am trying to run Discovery and I am getting some log messages saying, "No credential found for types [SSH Password,SSH Private Key]". My server that is set up for Discovery detection only has a .pem key right now. When I go into Discovery to add credentials for this, all I can find are credentials that require user names and passwords. What is up with that? How do I provide ServiceNow with the .pem file directly or get a username/password from the .pem to use?

Thanks in advance ❤️

DaveHertel · ‎12-23-2018

Hi - Before doing a quick discovery.... when creating the new credential, use the UI action to Test Credential. Of course, enter the IP of the machine to be tested against. This will verify if the CRED is good, before bothering with a Disco job. If the Test Cred doesn't work there, then its likely either the private key setup isn't correct (either on the target server or the credentials area on the instance).

What exact error message are you getting? Its also possible the MID servers aren't setup right, but... would need exact error message to determine if that is an issue or not. "I tried using quick discovery it's not resolving." Can you provide the error message?

sravanpinnamane · ‎12-23-2018

Hi Dave,

Thank you for your response. I added the below SSH Private Key to the ServiceNow Credential and added username ec2-user

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTv262JApzjruAB1O4xwMsU5b22+EdbF3HtJQEg2RuRUWdCcj0EFzhRR1Db9Aqv0Fn0NhgQxM1Ny29n5Tn/9s4rpENi86QLADNbjJvnCI1UKvBv9Kyh5y54WJCpiFhRodrR/ygJFr0MOrGReFLTpfIrlUFC8bPFLx9Lc1kgCbKzCIfgyKDigDTNnMEGlwdLGZfdCTnYFXFdZFslJroa47WAB1vzT0vQ4oN2hemGNaALMBFR/RZuB+GSqNK8ZKHXI3dcw/LqR0Izp3DU9niUMs1RdNVO/XsdiWkrocWi3ruZ2A8sh5NhPcWcNVhrESdMVcahlSibrLOkwpGVTFCYuzd imported-openssh-key

Here is the status of my discovery.

Thank you,

Sravan

DaveHertel · ‎12-23-2018

Use the UI action button to test the credential to see if it works before running a disco job

sravanpinnamane · ‎12-23-2018

It's not working, showing an "Authentication failed" message. I am able to discover the Windows properly.

DaveHertel · ‎12-23-2018

Hi -- I just ran thru these steps on my AWS EC2 Linux lab boxes to verify these steps work as described below.

1. Test your .PEM keys to ensure they are correct. Using Putty, convert to .PPK format (putty doesn't support keys in .pem format so they must be converted). Putty should be able to login using ec2-user and your .PPK key file (i.e. convered .PEM key)
When you are sure your .PEM file works for ec2-user (default aws acct), then proceed to step 2

2. Create new credential Discovery > Credential > SSH Private Key Credential
2a. In NAME field provide whatever you want, this is a human-friendly name for you to recall its purpose
2b. in USER NAME field, enter: ec2-user (assuming you are using the default AWS linux account, or enter whatever acct name is appropriate for your EC2 linux box)
2c. in SSH PRVIATE KEY field, paste the ENTIRE .PEM file contents (EVERYTHING!), including the header & footer RSA PRIVATE KEY lines. See example below:

2d Save credential. No need for "password" or "ssh passphrase", unless you have explicitly provided a passphrase. If you have used a pass phrase, then enter it... But if you are just getting started with AWS EC2 Linux, I'd recommend not using it, to simplify your life for now... keep it simple.

3. Test the credential. Use the "Test Credential" link. Enter the IP address of a same machine used in step 1 (when verifying Putty worked to login). The MID server should already be setup and able to service the private IP of the EC2 linux box. If you can't get a successful Test, then don't proceed. Repeat steps 1 & 2 if needed.... You must be able to successfully test the CRED before running a disco job

4. Running Quick Discovery against the IP address of the EC2 Linux box should now work.

Does this help? Hope so...