Configuring SSH certificate authentication to connect to and collect data from a UNIX asset

book

Article ID: 178685

calendar_today

Updated On:

Products

Control Compliance Suite Unix

Issue/Introduction

 

Resolution

This document explains how to configure SSH certificate authentication to connect to a UNIX machine.

CCS administrator/user can configure UNIX authentication in the following ways:
1. Specify root/non root credentials for connection and data collection.
2. Specify ssh certificate for connection and data collection.
In this document we will see how to configure ssh certificate for connection and data collection.

In case of authentication through ssh certificate, user does not require to specify UNIX root/user credentials.

Prerequisites on UNIX machine:
1. Create ssh certificate and deploy it on UNIX machine
2. Make sure that the UNIX machine is connectable by adding ssh certificate on putty.

Do any of the following to configure CCS credentials for an asset:
1. Add asset credentials
2. Add common credentials

To Add Asset Credential with certificate authentication:
1. Go to Settings - > Credentials - > Add Asset Credential
2. Specify authentication as Certificate as displayed in the following screenshot:

3. Specify the username to connect to the UNIX machine.
4. Browse to the UNIX certificate path. Make sure that this is the same certificate that is added on the UNIX machine for connection.
5. Specify the passphrase, if any.
6. Same certificate will be used for connection and data collection if a separate credential for data collection is not specified.


7. Click Ok -> Next and specify the asset for data collection.

To Add Common Credential with certificate authentication:
1. Go to Settings - > Credentials - > Add Common Credential
2. Specify authentication as Certificate as displayed in the following screenshot:

3. Specify the username to connect to the UNIX machine.
4. Browse to the UNIX certificate path. Make sure that this is the same certificate that is added on the UNIX machine for connection.
5. Specify the passphrase, if any.
6. Same certificate will be used for connection and data collection if a separate credential for data collection is not specified.


7. Click OK.