iQSonar and SSH Keys
Step-by-step guide to configuring iQSonar to use SSH keys. iQSonar supports SSH keys in OpenSSH format for authentication.
Create your SSH Key file
On Linux/Unix machine:
The command to generate an SSH key file is "ssh-keygen". Used without any parameters, it will usually generate an SSH2 version RSA key. Additional options are available. See "man ssh-keygen (FreeBSD version)" for more details. (Most BSD and Linux distributions use OpenSSH or derivatives.)
On a Windows computer you will probably be using either the PuTTY or BitviseSSH client, and each has its own way to generate a public/private key pair. You may need to take an extra step to export the private key in OpenSSH format.
For example, with PuttyGen, after you have created your key, choose the "Conversions" menu and select Export OpenSSH Key (Force New Format) - this is the key you will use in iQSonar.
Target Server
Locate the .ssh directory for the user you will use to scan the target server. (If the directory doesn't exist for that user, it will need to be created.)
If the username is iQSonar, then the hidden folder .ssh will be located in /home/iQSonar/.ssh typically on Linux/Unix hosts.
[SERVERNAME ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
c0:bf:33:bd:f3:5a:8b:32:48:82:85:51:3e:18:6b:fa mdoyle@hydra
Note that two files are created: the public key (which is copied to the remote server) and the private key (which is stored on your computer).
Once you have your key(s), they need to be appended to the .ssh/authorized_keys file on the remote host. If this file already exists, it is important to append keys to it rather than replace it, as replacing an existing file will lock you out from other computers you have previously set up remote login from. The authorized_keys file contains one key per line!
[mdoyle@hydra ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mdoyle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/mdoyle/.ssh/id_rsa.
Your public key has been saved in /home/mdoyle/.ssh/id_rsa.pub.
In the worked example below, the user name is mdoyle on the Unix host we're logged in to (hydra), and mike on the host we're setting up for SSH key access (10.0.1.3).
Unix Command/output | Meaning/Comment |
---|---|
[SERVERNAME ~]$ ssh-keygen | Generate the key. Do not specify a passphrase, so that the key can be used in scripts without user input. |
[SERVERNAME ~]$ scp .ssh/id_rsa.pub mike@10.0.1.3: | Copy the key to the remote host. You WILL be prompted for your password. |
[SERVERNAME ~]$ ssh mike@10.0.1.3 | Log in to the remote host, enter your password (for the last time) |
[username@mc ~]$ cat id_rsa.pub >> .ssh/authorized_keys | Append the key to the authorized keys file |
[SERVERNAME ~]$ ssh mike@10.0.1.3 | Now you log in with no password prompt |
Existing Key
To create your "authorized_keys" file, you can copy the key from your local system using the following:
ssh-copy-id -i "filename" user@hostname
The authorized_keys file requires permissions of 600.
Incorrect permissions will prevent you from logging in!
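One way to perform the append step and meet the 600 permission requirement on the target server, as an added example that is not part of the original article or of iQSonar. The function name install_pubkey and its two arguments are hypothetical; it covers the manual case where the public key file has already been copied over with scp.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [HOME_DIR]   (hypothetical helper, added example)
# Appends one OpenSSH public key to HOME_DIR/.ssh/authorized_keys without
# replacing the file, keeps one key per line, and sets 700/600 permissions.
install_pubkey() {
    pubkey_file=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    # A public key file holds exactly one non-blank line; a private key
    # (multi-line, starts with -----BEGIN) must never be installed here.
    [ "$(grep -c -v '^[[:space:]]*$' "$pubkey_file" 2>/dev/null)" = 1 ] || {
        echo "expected exactly one key line in $pubkey_file" >&2; return 1; }
    # Strip a trailing CR in case the file was written by a Windows tool.
    key=$(grep -v '^[[:space:]]*$' "$pubkey_file" | tr -d '\r')
    case $key in
        ssh-*' '*|ecdsa-*' '*) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 1 ;;
    esac

    # Create the directory and file if missing; touch never truncates.
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    ( umask 077; touch "$auth_file" ) || return 1

    # Skip the append if this exact key line is already authorized.
    if ! grep -qxF -- "$key" "$auth_file"; then
        # If the last existing line lacks a newline, add one first so the
        # new key does not get glued onto the previous key.
        if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
            echo >> "$auth_file" || return 1
        fi
        printf '%s\n' "$key" >> "$auth_file" || return 1
    fi

    # sshd refuses key logins when these permissions are too open.
    chmod 600 "$auth_file"
}

# Usage on the target server, after scp of the public key:
#   install_pubkey "$HOME/id_rsa.pub"
```

Running it a second time with the same key leaves authorized_keys unchanged, so it is safe to use in provisioning scripts.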
iQSonar configuration
Navigate to locations > credentials
- Set Credential Type to Unix Linux
- Select SSH Key
- Insert your Private Key, including the Begin RSA Private Key and End RSA Private Key lines (in the above example, this is the id_rsa file).
- Save and Close
Note
The SSH Key is treated like a password and can't be retrieved from the UI once saved.