Linux/UNIX Remote Execution Login Methods


Installation Specifications

We use the SSH.NET library, which supports the following private key formats:

 

RSA in OpenSSL PEM and ssh.com format

DSA in OpenSSL PEM and ssh.com format

ECDSA 256/384/521 in OpenSSL PEM format

ECDSA 256/384/521, ED25519 and RSA in OpenSSH key format

 

Private keys can be encrypted using one of the following cipher methods:

 

DES-EDE3-CBC

DES-EDE3-CFB

DES-CBC

AES-128-CBC

AES-192-CBC

AES-256-CBC

 

For further information, please read the documentation for the library: https://github.com/sshnet/SSH.NET
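
A pre-flight check for the format and cipher lists above, as an added example (not RayVentory or SSH.NET code): the hypothetical helper classify_key reads the header of a private key file and reports whether its container and, for PEM files, its DEK-Info cipher appear in those lists. It assumes the usual header lines of each format; a match against the lists does not guarantee that SSH.NET loads the key.

```python
import base64
import struct

# Formats and PEM ciphers taken from the lists on this page.
PEM_TYPES = {"RSA PRIVATE KEY": "RSA", "DSA PRIVATE KEY": "DSA", "EC PRIVATE KEY": "ECDSA"}
PEM_CIPHERS = {"DES-EDE3-CBC", "DES-EDE3-CFB", "DES-CBC",
               "AES-128-CBC", "AES-192-CBC", "AES-256-CBC"}
OPENSSH_MAGIC = b"openssh-key-v1\x00"


def classify_key(text):
    # Returns (container, encrypted, listed). encrypted is None when the header
    # alone cannot tell; listed means container and PEM cipher are in the lists.
    # The key type inside ssh.com and OpenSSH blobs is not inspected.
    lines = [ln.strip() for ln in text.strip().splitlines()]
    first = lines[0] if lines else ""
    if first.startswith("PuTTY-User-Key-File-"):
        # PuTTYgen's native .ppk save format, not the OpenSSH export.
        return ("PuTTY PPK", None, False)
    if first == "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----":
        return ("ssh.com", None, True)
    if not (first.startswith("-----BEGIN ") and first.endswith("-----")):
        return ("unknown", None, False)
    label = first[len("-----BEGIN "):-5]
    if label == "OPENSSH PRIVATE KEY":
        body = "".join(ln for ln in lines[1:] if not ln.startswith("-----"))
        try:
            blob = base64.b64decode(body)
            off = len(OPENSSH_MAGIC)
            (n,) = struct.unpack(">I", blob[off:off + 4])  # cipher name length
            cipher = blob[off + 4:off + 4 + n].decode("ascii")
        except (ValueError, struct.error):
            blob = b""
        if not blob.startswith(OPENSSH_MAGIC):
            return ("unknown", None, False)
        return ("OpenSSH", cipher != "none", True)
    if label in PEM_TYPES:
        name = "OpenSSL PEM " + PEM_TYPES[label]
        dek = next((ln for ln in lines if ln.startswith("DEK-Info:")), None)
        if dek is None:
            return (name, False, True)
        cipher = dek.split(":", 1)[1].split(",")[0].strip().upper()
        return (name, True, cipher in PEM_CIPHERS)
    return ("PEM " + label, None, False)  # e.g. PKCS#8, not in the lists

# Constructed sample: header lines only, no key material.
SAMPLE = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-CBC,00\n"
if __name__ == "__main__":
    print(classify_key(SAMPLE))
```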

Username and Password

The simplest way is to create a user and password combination:

 

1. Create a user (e.g. useradd RayVentory).

2. Set a password for the user (passwd RayVentory).

3. Set permissions as described below.

4. Add the user to the Credentials Store of RVSE.

 

Tip:

Prefer the "privileged" option and add the elevation password.

Superusers like "root" are commonly not permitted to execute every command without elevated rights!

 

[Screenshot: RVSE]

 

SSH Key-Based Authentication

This description might need adaptations, depending on whether Windows or another platform is used.

 

1. Log in to the Linux/Unix system with the designated user account used for RayVentory.

2. Create a local folder .ssh in the user's home directory if it does not already exist.

3. If the file ./.ssh/authorized_keys does not exist, create it. The public key will be added to this file later.

4. Make sure the sshd configuration and service are set up properly.

5. Download puttygen.exe from https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html.

6. Check the download with an antivirus tool.

7. Start puttygen.exe (screenshot taken from Windows).

8. Start generating a public key by selecting the Generate button.

[Screenshot: puttygen.exe on Windows]

9. Move the mouse around to randomly generate the key.

10. Set a "Key passphrase" for the public key. This password is required later for changing the public key and generating private keys.

11. Save the public key as a file to disk.

12. Copy all data within the public key field and add it to the ./.ssh/authorized_keys file within the user directory of the RayVentory user on the Linux or Unix machine. The section is highlighted in the following screenshot:

[Screenshot: puttygen.exe with the public key field highlighted]
 

 

Tip:

Prefer the "privileged" option and add the elevation password.

Superusers like "root" are commonly not permitted to execute every command without elevated rights!

 

13. Export the private key as an OpenSSH key and save it.

[Screenshot: exporting the private key as an OpenSSH key in puttygen.exe]

14. Copy the file containing the "OpenSSH" private key to the RVSE server.

 

Enabling RVSE Using the Private Key File

1. Start RVSE.

2. Open the Credential Store and create an SSH credential.

3. Select the authentication method "Key file".

4. Add the username, the path of the "OpenSSH key file" and the key passphrase.

5. Select the option "Privileged" and enter the elevation password.

[Screenshot: SSH credential in the RVSE Credential Store]

 

Alternatively, It Is Possible to Create the SSH-Keys Directly on a Linux/Unix Machine

1. Create the SSH key with the following command:
ssh-keygen -m PEM -t rsa -b 2048

[Screenshot: ssh-keygen output]

2. Use the following command to add the public key to the authorized keys:
ssh-copy-id <user>@<IP address of the Linux machine>

[Screenshot: ssh-copy-id output]

3. Copy the private key file (located in /home/<user>/.ssh) onto your RVSE server.

 

Deploy Public Key File to Linux/Unix Systems

After a new public key for SSH has been created and tests with RVSE have been completed, the public key is ready for deployment to all Linux/Unix systems.