Create SSH Credentials

You can create Public Key Encryption credentials to connect to SSH-configured targets. You can select a credential that contains a public and private key pair used for SSH connections.

DSA and RSA key formats are supported.

Optionally, when configuring SSH, you can select to elevate the credential. Using sudo, you can access scan targets that are not configured to allow root accounts to log on remotely. You can log on as a normal user and use sudo to connect with a more privileged account. Additionally, you can use sudo to elevate the same account to get more permissions. Using pbrun, you can elevate the credential when working with Privilege Management for Unix & Linux target assets.

  1. Navigate to Configuration > Discovery Management > Credentials.
  2. Click Create New Credential +.

Create New SSH Credential

  1. Enter a Credential Name.
  2. From the Type list, select SSH.
  3. Enter a Username.
  4. Select an Authentication Type
    • Password: Enter a password and confirm it.
    • SSH-DSS Key: Upload a private key file. Enter key and confirm it if those fields are available.

The Key and Confirm Key fields display only when your administrator has enabled the global site setting to require access keys for discovery credentials: Configuration > System > Site Options > Global Discovery Credential.

  1. Enter a port number, or multiple port numbers separated by commas.
  2. Elevating credentials is optional. To elevate credentials, select one of the following from the Elevation list:
    • sudo: The optional sudo username should be blank in most cases. When blank, commands run with the effective privileges of the root account. If an optional username is entered, sudo runs in the security context of that user.
    • Enable: Enter the credentials for Cisco devices. If you are auditing Cisco devices, you can elevate the credentials to privileged for more thorough scans.
    • pbrun: Enter the pbrunuser username.
  3. Click Create Credential.