SSH Private Key credentials - Discovery
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-08-2018 07:13 AM
I am trying to configure Discovery credentials for Linux/Unix devices and have a few questions.
1. Do we need to generate SSH private key from MID Servers only?
2. Do we need to store Private key in MID server also or is it enough if we store in our instance?
Any advise or guidance would be greatly appreciated.
- Labels:
-
Discovery
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-08-2018 07:25 AM
When you create credential in discovery_credentials.list table make sure to select SSH Private Key as Type.
#1 You can generate it from anywhere and store value in discovery_credentials table
#2 it's enough to store Private key in instance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-08-2018 07:57 AM
Thank you Mike.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-08-2018 08:13 AM
Another point - credentials are NEVER stored on the MID server. Typically* credentials are stored on the instance. When needed by a discovery job, the MID server pulls down the creds (encrypted) and places them in memory on the MID for use while the job is doing its thing.. but the data isn't stored on the MID's disk.
The SSH key you generate is for consumption by the target device to be scanned. The cred really has nothing to do with the MID... the MID just facilitates the disco probes, using the creds defined on the instance.
*Except if you using an external source or plugin, like CyperArk.
Does this help?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-08-2018 01:46 PM
Thank you.
