Specifying or modifying information for remote host authentication
To enable agent installation, you must specify how to authenticate to a remote host on which an agent has not yet been installed. The information you provide defines the mechanism and the user credential needed to access the remote host.
- Before you begin
- To specify information for remote host authentication
- To modify existing information for remote host authentication
If you are installing on multiple platforms, you typically define at least one set of authentication information for each platform.
In addition to providing remote host authentication information, you must also define rules that specify which remote host authentication to use for each agentless device. See Creating or modifying rules for remote host authentication.
Before you begin
Create automation principals, which specify user credentials that can be used to access remote hosts. For more information, see Creating automation principals.
When installing agents on Microsoft Windows systems, set up a PsExec server, which functions as a proxy to execute psexec requests on agentless hosts. For more information, see Setting up a PsExec server.
NEW IN 8.9.03 (Windows only) Ensure that Server Message Block (SMB) v2 is enabled on a Windows server.
Required authorizations
To create a remote host authentication, your role must be granted the following authorizations:
- BL_Administration.Read
- RemoteHostAuthentication.Read
- RemoteHostAuthentication.Create
- AutomationPrincipal.Read (to access automation principals specified in this procedure)
- Server.Read on the PsExec server, if you are specifying a remote host authentication for Windows
To specify information for remote host authentication
- Select Configuration > Infrastructure Management.
- In the Infrastructure Management window, right-click the Remote Host Authentications node. Then select New Remote Host Authentication. The New Remote Host Authentication window opens.
Enter the following information for authenticating to a remote host:
Field
Description
Name
Name for this set of authentication information. You can enter any name. The TrueSight Server Automation system uses the name for identification and display within the system.
Description
(Optional) Descriptive text about the authentication information.
Command Execution Protocol
Specifies the mechanism for accessing an agentless device. Select one of the following:
PSEXEC (Windows Only) — Specifies that a PsExec server is used as a proxy to execute psexec requests on an agentless Windows host. This protocol is required when installing agents on Windows servers. Authentication on agentless hosts uses credentials defined in an automation principal that you specify on this panel.
SSH (Non-Windows) — Executes commands directly on an agentless host using the credentials defined in an automation principal that you specify on this panel.
SSH + SUDO (Non-Windows) — Executes commands directly on the agentless host using the credentials defined in an automation principal that you specify on this panel. The sudo command is attached as a prefix to all commands. If sudo requests a password, the password associated with the automation principal is used.
SSH + SU (Non-Windows) — Executes commands directly on the agentless host using the credentials defined in an automation principal that you specify on this panel. The automation principal credentials are used to access the agentless host. The credentials provided in a superuser automation principal are used to issue the su command to gain elevated privileges.
PsExec Server
Identifies a live Windows server where PsExec is installed. This option is only required when authenticating to Windows servers. Multiple remote host authentication definitions can use the same PsExec server.
The PsExec server must:
- Run a Windows operating system
- Have PsExec installed
- Have an RSCD agent, version 8.2 or later, installed and running
- Be added to the Servers folder in the TrueSight Server Automation Console
BMC recommends that when you install agents on Microsoft Windows devices that are not enabled for a domain, specify a PsExec server that is not part of a domain. When you install agents on Microsoft Windows devices that are enabled for a domain, specify a PsExec server that belongs to the same domain. Ensure that the automation principals you are using to access the agentless devices are associated with the same domain.
For more information about the PsExec server, see Setting up a PsExec server.
Maximum Execution Parallelism
Specifies the maximum number of PsExec connections that the PsExec server can run simultaneously. By default this option is set to 20.
You can set a level of parallel execution for the Agent Installer Job with the Number of targets to process in parallel option (see Agent Installer Job - General). Regardless of that level, no active PsExec server ever exceeds the level of parallelism set with the Maximum Execution Parallelism option.
SSH Port
(Only enabled for non-Windows platforms) Specifies the port used for SSH communication on the host. By default this port number is set to 22.
Automation Principal
Identifies the automation principal to be used when authenticating to a remote host. An automation principal defines user credentials that can be used to access the remote system. For more information, see Creating automation principals.
Super-user Automation Principal
Identifies an automation principal that provides credentials for a superuser account on a UNIX system. Only the SSH + SU command execution protocol requires a superuser automation principal.
- Click Finish. The Infrastructure Management window lists the remote host authentication you created.
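The PsExec server prerequisites listed above (PsExec installed, RSCD agent running, SMB v2 enabled, domain membership matching the targets) can be checked locally before you select the server in a remote host authentication. The following script is an added example, not BMC code; the service name `RSCD` and `psexec.exe` being on the PATH are assumptions to adjust for your installation.

```powershell
# Added example: pre-flight check, run in an elevated session on the PsExec server.
# Assumptions (not from the page): the RSCD agent service is named 'RSCD'
# and psexec.exe is reachable through PATH.
[CmdletBinding()]
param(
    [string]$RscdServiceName = 'RSCD',       # assumed service name
    [string]$PsExecName      = 'psexec.exe'  # assumed to be on PATH
)

$results = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Name, [bool]$Passed, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Passed = $Passed; Detail = $Detail })
}

# Requirement: PsExec is installed.
$psexec = Get-Command -Name $PsExecName -CommandType Application -ErrorAction SilentlyContinue |
    Select-Object -First 1
Add-Check -Name 'PsExec installed' -Passed ($null -ne $psexec) `
    -Detail $(if ($psexec) { $psexec.Source } else { 'not found on PATH' })

# Requirement: an RSCD agent is installed and running.
# The "version 8.2 or later" condition is not checked here; confirm it separately.
$svc = Get-Service -Name $RscdServiceName -ErrorAction SilentlyContinue
Add-Check -Name 'RSCD agent running' -Passed ($svc -and $svc.Status -eq 'Running') `
    -Detail $(if ($svc) { "status: $($svc.Status)" } else { "service '$RscdServiceName' not found" })

# Prerequisite (8.9.03, Windows only): SMB v2 enabled. Checked on this host only.
$smb = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
Add-Check -Name 'SMB v2 enabled' -Passed ([bool]$smb.EnableSMB2Protocol) `
    -Detail $(if ($smb) { "EnableSMB2Protocol=$($smb.EnableSMB2Protocol)" } else { 'could not read SMB configuration' })

# Recommendation: the PsExec server's domain membership should match the
# agentless targets and the automation principals. Reported for comparison only.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
Add-Check -Name 'Domain membership (informational)' -Passed $true `
    -Detail $(if ($cs.PartOfDomain) { "domain: $($cs.Domain)" } else { "workgroup: $($cs.Workgroup)" })

$results | Format-Table -AutoSize -Wrap

# A non-zero exit code lets a wrapper job stop before agent installation starts.
if ($results.Passed -contains $false) { exit 1 }
```

Compare the reported domain or workgroup with the domain of the automation principal you plan to select in the Automation Principal field.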
To modify existing information for remote host authentication
- Select Configuration > Infrastructure Management.
- In the Infrastructure Management window, expand the Remote Host Authentications node. Right-click the remote host authentication you want to modify and select Properties. The Modify Remote Host Authentication window opens.
Enter the following information for authenticating to a remote host:
Field
Description
Name
Name for this set of authentication information. You can enter any name. The TrueSight Server Automation system uses the name for identification and display within the system.
Description
(Optional) Descriptive text about the authentication information.
Command Execution Protocol
Specifies the mechanism for accessing an agentless device. Select one of the following:
PSEXEC (Windows Only) — Specifies that a PsExec server is used as a proxy to execute psexec requests on an agentless Windows host. This protocol is required when installing agents on Windows servers. Authentication on agentless hosts uses credentials defined in an automation principal that you specify on this panel.
SSH (Non-Windows) — Executes commands directly on an agentless host using the credentials defined in an automation principal that you specify on this panel.
SSH + SUDO (Non-Windows) — Executes commands directly on the agentless host using the credentials defined in an automation principal that you specify on this panel. The sudo command is attached as a prefix to all commands. If sudo requests a password, the password associated with the automation principal is used.
SSH + SU (Non-Windows) — Executes commands directly on the agentless host using the credentials defined in an automation principal that you specify on this panel. The automation principal credentials are used to access the agentless host. The credentials provided in a superuser automation principal are used to issue the su command to gain elevated privileges.
PsExec Server
Identifies a live Windows server where PsExec is installed. This option is only required when authenticating to Windows servers. Multiple remote host authentication definitions can use the same PsExec server.
The PsExec server must:
- Run a Windows operating system
- Have PsExec installed
- Have an RSCD agent, version 8.2 or later, installed and running
- Be added to the Servers folder in the TrueSight Server Automation Console
BMC recommends that when you install agents on Windows 7 and Windows 2008 devices that are not enabled for a domain, specify a PsExec server that is not part of a domain. When you install agents on Windows 7 and Windows 2008 devices that are enabled for a domain, specify a PsExec server that belongs to the same domain. Ensure that the automation principals you are using to access the agentless devices are associated with the same domain.
For more information about the PsExec server, see Setting up a PsExec server.
Maximum Execution Parallelism
Specifies the maximum number of PsExec connections that the PsExec server can run simultaneously. By default this option is set to 20.
You can set a level of parallel execution for the Agent Installer Job with the Number of targets to process in parallel option (see Agent Installer Job - General). Regardless of that level, no active PsExec server ever exceeds the level of parallelism set with the Maximum Execution Parallelism option.
SSH Port
(Only enabled for non-Windows platforms) Specifies the port used for SSH communication on the host. By default this port number is set to 22.
Automation Principal
Identifies the automation principal to be used when authenticating to a remote host. An automation principal defines user credentials that can be used to access the remote system. For more information, see Creating automation principals.
Super-user Automation Principal
Identifies an automation principal that provides credentials for a superuser account on a UNIX system. Only the SSH + SU command execution protocol requires a superuser automation principal.
- Click Finish. The Infrastructure Management window lists the remote host authentication you created.