SSH User Certificate for Discovery

Naushad1 · ‎10-17-2023

Hi All,

We have been asked by our client to use SSH User Certificate to run Discovery on Linux machines.

They have shared username, ssh paraphrase and ssh private key but no password.

Has anyone did that before?

Any help or guidance would be highly appreciated.

Thank you in advance!!

VivekSattanatha · ‎10-17-2023

Hi Naushad,

Yes you dont require password. you can leave that blank. The user name, passphrase and private key itself enough. The customer would add the public key on those linux machines.

Also just make sure your private key is in PEM format. You can read the below article that would help you understand much better

https://docs.servicenow.com/en-US/bundle/vancouver-platform-security/page/product/credentials/refere...

Regards,

Vivek

Naushad1 · ‎10-17-2023

Hi Vivek,

Thank so much for your response. We did the same but getting Authentication Failed error.

Just to be sure, ServiceNow does support SSH User Certificate?

We are using SSH Private Key Credentials to add Username, Paraphrase and Private Key - Is that correct?

As there anything else needs to be done?

How can I validate is the key is in PEM format?

VivekSattanatha · ‎10-17-2023

In my experience most of the time the linux team wont provide the private key in PEM format. You might need convert using puttygen. It is explained in the above article. I put that specific point here.

The Now Platform supports private keys in the PEM format generated by the OpenSSH ssh-keygen utility. To convert PPK keys that were generated by PuTTY:

Open your private key in PuTTYGen.
Export it in OpenSSH format from the menu Conversions > Export OpenSSH key.
Save the new OpenSSH key.

VivekSattanatha · ‎10-17-2023

Usually if it is in PEM format the key would start with 'begin' and ends with 'end'.