This documentation supports the 21.3 (12.3) version of BMC Discovery.

Using SSH keys

This topic explains how you can attach an SSH key to a credential using the SSH access method. It is assumed that administrators are already familiar with setting up and generating SSH keys.  

Note

BMC Discovery supports only RSA2 and DSA private keys in PEM format for certificate-based authentication. For hosts that only support SSH v1, you must use credentials for authentication.

When using SSH keys, the appliance must identify itself to discovery targets so it must use the private key. It is strongly recommended that you protect the private key with a strong passphrase. When they are uploaded, the key and the passphrase are stored in the credential vault.
If the attempted login is unsuccessful using the SSH key, the credential falls back and attempts to log in using the configured username and password.

It is important to configure a username and password even when an SSH key is to be used. When privileged command execution is required, that password is used in the command, for example sudo password command.

Tip

After the key is stored in the credential vault, it is encrypted and cannot be recovered. You are strongly recommended to keep copies of private keys in secure storage according to your local security guidelines.