Using SSH keys

You can use private RSA keys for UNIX-based systems to connect with a specific user. To do so, you must create a user and an RSA key. If you already have a Discovery user that you want to connect to the system (or an LDAP user), start by generating an RSA key.

Create a Discovery user

Log in to the UNIX system with permissions to create a user, then use the following commands to create a user:

  1. Create a user with the login name discousr and a default home directory: useradd discousr -m
  2. Change the password for the user: passwd discousr
  3. Add the user to the sudoers group: adduser discousr sudo
  4. Change to the created user: su - discousr

Generate an RSA key

The Discovery SFTP_RSA export type doesn't support .ppk files.

Before you create a key, you need to create a file named authorized_keys inside the ~/.ssh folder on the remote host. This file will contain the public key (the id_rsa.pub file). If the file already exists, you can append the new public key:

cat $HOME/.ssh/id_rsa.pub >> $HOME/.ssh/authorized_keys

To generate an RSA key:

  1. Use the following commands:
    1. Generate the RSA key files: ssh-keygen -t rsa -m PEM
    2. Create your private RSA key. This file will be used by the Discovery tool: $HOME/.ssh/id_rsa
    3. Create your public RSA key: $HOME/.ssh/id_rsa.pub
  2. Copy the public RSA key (this is also required for connecting to the host): ssh-copy-id discousr@localhost
  3. Copy the private RSA key file to the system that is running the Discovery tool. For example, create the subfolder C:\Program Files\Discovery\rsakeys\. You should also rename the id_rsa file (such as discousr_id_rsa) so you can identify the key file for each credential.
  4. Use the private RSA key file as described in "Configure Discovery - Credentials".

Known limitations

When you configure the Discovery tool or Collector with the export type SFTP_RSA, you might need to generate a key using the ssh-keygen command. If the algorithm is not accepted by the target system, you may encounter an error similar to this one:

Jul 07 11:42:34 <hostname> sshd[5626]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

Assets Discovery uses the latest version of the SSH.NET library. Check out the list of supported host key algorithms:

  • ssh-ed25519
  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521
  • ssh-rsa
  • ssh-dss

If the ssh-rsa algorithm isn't supported, use one of the other supported algorithms to generate a new key. For example, you can run the following command:

ssh-keygen -t ssh-ed25519 -m PEM
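
The following is an added example, not part of the original page or of the Discovery tool. It checks two things this page describes: whether a private key file is a .ppk file or the PEM file that ssh-keygen -t rsa -m PEM writes, and which key types sshd rejected with the PubkeyAcceptedAlgorithms error shown above. The function names, file names, host name and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the SFTP_RSA key workflow described on this page.

# Classify a private key file by its first line.
# Prints one of: pem-rsa, pem-ec, openssh, ppk, unknown
key_format() {
    first_line=$(head -n 1 "$1" | tr -d '\r')   # tolerate CRLF after a copy to Windows
    case "$first_line" in
        "-----BEGIN RSA PRIVATE KEY-----")     echo pem-rsa ;;  # ssh-keygen -t rsa -m PEM
        "-----BEGIN EC PRIVATE KEY-----")      echo pem-ec ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
        PuTTY-User-Key-File-*)                 echo ppk ;;      # not supported by SFTP_RSA
        *)                                     echo unknown ;;
    esac
}

# Read sshd log lines on stdin and print "<key type> <count>" for every key type
# that sshd rejected because it is not in PubkeyAcceptedAlgorithms.
rejected_key_types() {
    sed -n 's/.*userauth_pubkey: key type \([^ ]*\) not in PubkeyAcceptedAlgorithms.*/\1/p' |
        sort | uniq -c | awk '{print $2, $1}'
}

# Constructed sample input (header lines only, no real keys or logs).
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$demo_dir/discousr_id_rsa"
printf '%s\n' 'PuTTY-User-Key-File-3: ssh-rsa' > "$demo_dir/discousr.ppk"
cat > "$demo_dir/auth.log" <<'EOF'
Jul 07 11:42:34 host1 sshd[5626]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Jul 07 11:42:40 host1 sshd[5630]: Accepted publickey for discousr from 192.0.2.10 port 50514 ssh2: ED25519 SHA256:constructed
Jul 07 11:43:02 host1 sshd[5641]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
EOF

for f in "$demo_dir/discousr_id_rsa" "$demo_dir/discousr.ppk"; do
    echo "$(basename "$f"): $(key_format "$f")"
done
rejected_key_types < "$demo_dir/auth.log"
rm -rf "$demo_dir"
```

A result of ppk means the key must be regenerated or converted before it is used with SFTP_RSA. A rejected ssh-rsa entry means the target system needs a key generated with one of the other algorithms listed above.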


Last updated: February 18, 2025
