Default language.

Using SSH keys

This topic explains how to attach an SSH key to a credential by using the SSH access method. Administrators are assumed to be familiar with setting up and generating SSH keys.  

Related topics

Configuring-credentials

Discovering-cloud-services

Discovering-services-with-API-providers

Integrating-with-credential-brokers

Adding-privileged-execution-to-commands

BMC Discovery supports RSA2, DSA, ECDSA, and ED25519 keys in PEM format, generated with OpenSSH or OpenSSL. For hosts that only support SSH v1, you must use credentials for authentication.

When using SSH keys, the appliance must identify itself to discovery targets and use the private key. Protecting the private key with a strong passphrase is strongly recommended. The key and the passphrase are stored in the credential vault when uploaded.

If the SSH key-based login attempt fails, the credential falls back and attempts to log in using the configured username and password.

It is important to configure a username and password even when an SSH key is to be used. When privileged command execution is required, that password is used in the command, for example: sudo password command.

Tip

After the key is stored in the credential vault, it is encrypted and cannot be recovered. You are strongly recommended to keep copies of private keys in secure storage according to your local security guidelines.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*