Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 22 Next »

Step by Step guide to the configurations of iQSonar and SSH Keys.   iQSonar supports SSH Keys in OpenSSH format for authentication.

Create your SSH Key file

On Linux/Unix machine:
The command to generate an ssh key file is "ssh-keygen". Used without any parameters it will usually generate an SSH2 version RSA key. Additional options are available. See "man ssh-keygen (FreeBSD version)" for more details.

On a Windows computer you will probably be using either PuTTY or BitviseSSH clients, and they each have their own way to generate a set of public and private key.    You may need to take an extra step to export the private key in OpenSSH format.
For example, with PuttyGen, after you have created your key, choose the "Conversions" menu and select Export OpenSSH Key (Force New Format) - this is the key you will use in iQSonar.

Target Server

Locate the .ssh directory for the user you will use to scan the target server (If the directory doesn't exist for that user it will need to be created)

If the username is iQSonar, then the hidden folder .ssh will be located in /home/iQSonar/.ssh  typically on Linux/Unix hosts. 

    [mdoyle@hydra ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mdoyle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/mdoyle/.ssh/id_rsa.
Your public key has been saved in /home/mdoyle/.ssh/id_rsa.pub.
The key fingerprint is:
c0:bf:33:bd:f3:5a:8b:32:48:82:85:51:3e:18:6b:fa mdoyle@hydra

Note that two files are created. The public key (which is copied to the remote server) and the private key (which is stored on your computer)

Once you have your key(s), they  to be appended to the .ssh/authorized_keys file on the remote host. It is important to append keys to this file if it already exists not replace an existing file, as replacing an existing file will lock you out from other computers you have previously set up remote login from. The authorized_keys file contains one key per line!

[mdoyle@hydra ~]$ ssh-keygenGenerating public/private rsa key pair.Enter file in which to save the key (/home/mdoyle/.ssh/id_rsa):Enter passphrase (empty for no passphrase):Enter same passphrase again:Your identification has been saved in /home/mdoyle/.ssh/id_rsa.Your public key has been saved in /home/mdoyle/.ssh/id_rsa.pub.​

In the worked example below, the user name is mdoyle on the unix host we're logged in to (hydra), and mike on the host we're setting up for ssh_key access (10.0.1.3).

Unix Command/outputMeaning/Comment
[mdoyle@hydra ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mdoyle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/mdoyle/.ssh/id_rsa.
Your public key has been saved in /home/mdoyle/.ssh/id_rsa.pub.
Generate the key. Do not specify a password to allow for use in scripts without user input.
[mdoyle@hydra ~]$ scp .ssh/id_rsa.pub mike@10.0.1.3:
Password for mike@mc:
id_rsa.pub 100% 411 0.4KB/s 00:00

Copy the key to the remote host. You WILL be prompted for your password.


[mdoyle@hydra ~]$ ssh mike@10.0.1.3
Password for mike@mc:

Last login: Tue Sep 12 14:25:36 2017 from 10.0.1.1
Welcome to FreeBSD!


Log in to the remote host, enter your password (for the last time)
[mike@mc ~]$ cat id_rsa.pub >> .ssh/authorized_keys
[mike@mc ~]$ chmod 600 .ssh/authorized_keys
[mike@mc ~]$ rm id_rsa.pub
[mike@mc ~]$ logout
Connection to 10.0.1.3 closed.
Append the key to the authorized keys file
[mdoyle@hydra ~]$ ssh mike@10.0.1.3
Last login: Tue Sep 12 14:29:45 2017 from 10.0.1.1
Welcome to FreeBSD!
Now you log in with no password prompt

Existing Key

To create you "authorized_keys" file you can copy the file from your local system using the following:

ssh-copy-id -i "filename" user@hostname

Permissions that are required are 600 for that authorized_keys file.

Incorrect permissions will prevent you from logging in!

iQSonar configuration

Navigate to locations > credentials

  1. Set Credential Type to Unix Linux
  2. Select SSH Key
  3. Insert your Private Key, including the Begin RSA Private Key and End RSA Private Key lines (in the above example, this is the id_rsa file. 
  4. Save and Close


Note

The SSH Key is treated like a password and can't be retrieved from the UI once saved




  • No labels