The Infocyte Platform can inspect Linux machines either with an Agent or Agentless, over an SSH connection from the HUNT Controller. This article shows how to inspect Agentless via SSH.
Applicable to: Cloud Only
- You will need root access to the machine or a credential in the "sudoers" group.
- Port 22 open from the Controller/HUNT Server to the target host.
- The endpoint must be able to communicate externally with your instance (<INSTANCENAME>.infocyte.com) on port 443.
There are 2 possible configurations: using only a password, or using a public/private key pair to initiate the SSH session and a password only to elevate to root/sudo.
Using SSH Keys (Optional, Recommended):
HUNT Cloud supports SSH authentication with key pairs when authenticating to endpoints within your network.
Prepare and gather SSH keys on your endpoints. If you have multiple Linux endpoints and want to authenticate using SSH on all of them, you will need the public key of each Linux machine. If you are not sure how to generate an SSH key on your machine, see "How to use ssh-keygen to generate a new SSH key" on SSH.COM. Once the key is generated, copy the public key to the .ssh folder on the Linux system. The public key file ends in .pub. You should add a passphrase to the private key and make a note of it, as Infocyte HUNT will need it in order to authenticate against the remote endpoint.
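One way to carry out the public-key copy step on the endpoint, as an added example that is not Infocyte's own tooling. It assumes the endpoint runs OpenSSH with the default `~/.ssh/authorized_keys` location; the function names and the key file name are hypothetical.

```shell
#!/bin/sh
# Added example (not Infocyte code). Assumes OpenSSH on the endpoint with the
# default AuthorizedKeysFile location, ~/.ssh/authorized_keys.

# install_pubkey HOME_DIR "PUBLIC KEY LINE"   (function name is hypothetical)
# Returns 0 if the key is installed afterwards, 2 if the input is rejected.
install_pubkey() {
    home_dir=$1
    key_line=$2
    nl='
'
    # Reject multi-line input: a second line would become a second trusted key.
    case $key_line in
        *"$nl"*) echo "refusing: more than one line" >&2; return 2 ;;
    esac
    # Only the .pub content belongs on the endpoint, never the private key.
    case $key_line in
        ssh-ed25519\ AAAA*|ssh-rsa\ AAAA*|ecdsa-sha2-nistp*\ AAAA*) ;;
        *) echo "refusing: not an OpenSSH public key line" >&2; return 2 ;;
    esac

    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    # sshd's StrictModes ignores keys kept in group- or world-writable paths.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Idempotent: append only when this exact line is not already present.
    if ! grep -qxF -- "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file" || return 1
    fi
    return 0
}

# count_key HOME_DIR "PUBLIC KEY LINE": prints how often the line is installed.
count_key() {
    grep -cxF -- "$2" "$1/.ssh/authorized_keys"
}

# Usage on the endpoint, run as the scanning account (names are hypothetical):
#   install_pubkey "$HOME" "$(cat infocyte_scan.pub)"
# If run as root for another account, chown -R the .ssh directory to that account.
```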
Once you have the private key, you can add it to Infocyte. In the Admin section, click Credentials > SSH Keys and "Add SSH Key".
Name: Enter a reference name for the key.
SSH Key: Paste your key in this field.
Password: Enter the passphrase for the key (Recommended). If your key does not have its own passphrase, leave this field blank.
Encrypt client-side using my passphrase: Check this box to add an additional layer of security by encrypting the key client-side (you must have already set up a Client-Side Encryption Key when installing the Controller).
When using an SSH Key to initiate the SSH session, a normal username/password combination is required in order to elevate the session to root (sudo). If an SSH Key is not used at all, the username/password Credential will be used to both initiate the SSH session, and elevate to root.
In the administration console, navigate to the Credential Manager and select the Add Credential button on the Credentials tab. The Admin will be presented with the following fields:
Name: Enter a friendly name.
Username: Enter the sudoer username.
Password: Enter the password for said user.
Encrypt client-side using my passphrase (optional): Select this box if Client-Side Encryption is to be used and enter the passphrase twice to confirm it.