Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Highlighted
Absent Member.. jowillia Absent Member..
Absent Member..
260 views

DDMi 7.7 - ssh keys

Hello,
Where do I install the ssh private key to allow DDMi to transfer scanners to Linux machines using key pair authentication ?
I see in the 'Data Management' section, options to 'Reset public ssh keys', but I cannot find any documentation describing how to set the path to the private key on the DDMi server.

Thanks in advance.
Tags (1)
0 Likes
2 Replies
Micro Focus Expert
Micro Focus Expert

Re: DDMi 7.7 - ssh keys

You don't need to install anything.
You have two configuration options in the UI, in the Administration > Discovery Configuration > Agent Profile.

I copied below the explanation of how the config options work. The first one allows you to control if you want to allow new devices with unknown keys to be scanned. The second controls if a device that changes key can be allowed.

The tool in Data Management section is for allowing keys to be reset by hand if you are enforcing the option above.

And just to clarify, the ssh keys are not used for authentication, the authentication uses user name/password.

Accept new public client key
----------------------------
This option pertains only to agentless scanning on new UNIX systems using SSH. If you select this option, DDM Inventory will accept the public SSH key of a newly discovered device and initiate an agentless scan. If you do not select this option, an agentless scan is not attempted when new devices are discovered. This option does not affect devices that have already been scanned.

Accept changed public client key
--------------------------------
This option pertains only to agentless scanning on UNIX systems using SSH for which a public key is already known (systems that have already been scanned). If you select this option, DDM Inventory will accept an SSH key that has been modified on a client system and, therefore, does not match the key that was previously used to scan that system. If you do not select this option, an agentless scan is not attempted after the public key has changed. SSH communication with this device will not be allowed until the new key is validated. You can validate a new key by performing a manual scan. This option does not affect newly discovered devices.

NOTE: Selecting this option creates a low-security environment. Select this option only under controlled conditions, not in a production environment. For more information, refer to "Two Types of Scanning: Agentless and Agent-Based" in the Installation and Initial Setup Guide.


Regards,
Brindusa
0 Likes
Absent Member.. jowillia Absent Member..
Absent Member..

Re: DDMi 7.7 - ssh keys

Thank You for the excellent answer.
I was under the impression that ssh keys could be used for authentication, like DDMa.
Now at least I can stop looking for that option..

John
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.