Credential Utilization
The SSH Collection Module utilizes a process common with other protocol types such as SNMP and WMI. When a system is discovered, meaning it responds to an ICMP ping and is found to have TCP port 22 available or an alternate port. For more information, see Custom Server Ports. The SSH Collection Module will iteratively use each provided SSH credential to attempt to authenticate with the system. The first credential that is successful in connecting and authenticating, and for which other validation checks are successful, will be mapped to that device. Further communication with the system will be conducted using that particular credential entry.
You can enter a single credential that will be valid for use by any systems that are configured to utilize that credential, and you only need to enter each unique credential that is intended to be utilized. As the SSH Collection Module does not know at the outset which credential entry maps to which device(s), this may result in a number of failed authentication attempts as the SSH Collection Module tries each credential to derive the correct entry for a given system. An IPS or other system that monitors failed authentication attempts may be triggered by this behavior. In this case, an exception may need to be made for the purposes of the SSH Collection Module.