Network Shell to agent
For traffic between a Network Shell client and an agent, BMC Server Automation relies on TLS to secure communication and the following options for authenticating the Network Shell client to the agent:
- Self-signed, client-side certs — Enables agents to authenticate Network Shell clients. To accomplish this, agents are provisioned with SHA1 fingerprints of Network Shell clients' self-signed certificates.
For implementation details, see TLS with client-side certs - Securing a Network Shell client.
- IP address — Limits an agent's incoming traffic to IP addresses of specific Network Shell clients. (If necessary, Application Servers can also be specified in the same way.)
To implement this approach, modify the exports file on each agent. For more information, see Configuring the exports file.
- No authentication — By default, when a Network Shell client connects to an agent, no authentication occurs other than the authentication provided by the underlying operating system of the host where Network Shell is running when a Network Shell user logs in.
A default installation of BMC Server Automation provides no authentication. Instead, this configuration relies on the host operating system of the Network Shell client to authenticate a user.