Entering Credentials

To participate in the SSH Collection Module, SSH authentication credentials must be provided to the module via the RN150 Virtual Appliance credential configuration dialog box. As stated in Privilege Elevation, you only need to enter each unique credential that is intended to be used; each one will then be used for every system for which that credential is found to be successful.

To enter an SSH credential in the RN150 Virtual Appliance, access the configuration application on the appliance by using the virtual console or by browsing to the appliance IP address via HTTP or HTTPS. From the Dashboard page of the application, select the SSH section. Please note that the SSH Collection Module and the Cisco CLI collection module are different technologies, and to utilize the latter you will need to access the Additional Credentials section, select CLI, and provide credentials there.

Accessing the SSH section will provide an input form for entering credential entries. The exact process of entering a credential varies slightly depending on the authentication type being used for that particular credential entry.

For all authentication types, first enter the username for the credential in the Username field.

Next, from the drop-down list entitled Auth Type, select the type of authentication desired. This will currently be one of password or publickey. The password type should be selected for either password or keyboard-interactive authentication.

If password is selected, an additional entry field will be presented, in which the password should be entered.

If publickey is selected, two input fields will be presented. The full text contents of the private key associated with the credential should be pasted in the Private Key text field. Please note that if the virtual console does not permit copy-and-paste, it may be necessary to access the appliance configuration application over HTTP or HTTPS in order to paste in the contents. Where both are available, HTTPS is the better choice for this step, because over plain HTTP the private key crosses the network unencrypted. The key contents must be PEM-encoded ASCII text. The key contents will typically begin and end with a header field, which should be included in the entered text.

If the private key being used in the credential entry is passphrase-encrypted, the passphrase associated with the key should be entered in the Key Passphrase field. If the key requires a passphrase and one is not provided, the SSH Collection Module will not be able to use that key. If a passphrase-encrypted key is entered without a passphrase and committed to the credentials list, you can edit that entry and add a passphrase.

If the private key is not passphrase-encrypted, the Key Passphrase field should be left blank. Entering a passphrase for an unencrypted key will not prevent the SSH Collection Module from successfully using the key, but may be confusing later on or to other users participating in credential entry.
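A pre-paste check for the rules above, as an added example that is not part of the appliance or its vendor's code: it confirms that the text has matching begin and end header lines around a decodable body, and reports whether the Key Passphrase field will be needed. The function names are hypothetical, the samples are constructed and contain no real key material, and the page does not state which of these key container formats the appliance accepts.

```python
import base64
import re
import struct

PEM_RE = re.compile(
    r"\A-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----\Z", re.S)
OPENSSH_MAGIC = b"openssh-key-v1\x00"


def inspect_private_key(text):
    """Return (well_formed, needs_passphrase) for text about to be pasted."""
    m = PEM_RE.match(text.replace("\r\n", "\n").strip())
    if not m or not m.group(1).endswith("PRIVATE KEY"):
        return (False, None)      # header/footer missing, mismatched, or not a private key
    label, body = m.group(1), m.group(2)
    # Traditional PEM keeps RFC 1421 headers above a blank line; the rest is base64.
    headers, _, b64 = body.rpartition("\n\n")
    try:
        raw = base64.b64decode("".join(b64.split()), validate=True)
    except ValueError:
        return (False, None)      # truncated or corrupted paste
    if label == "ENCRYPTED PRIVATE KEY":        # PKCS#8 encrypted container
        return (True, True)
    if "Proc-Type: 4,ENCRYPTED" in headers:     # traditional encrypted PEM
        return (True, True)
    if label == "OPENSSH PRIVATE KEY":          # cipher name is inside the blob
        off = len(OPENSSH_MAGIC)
        if not raw.startswith(OPENSSH_MAGIC) or len(raw) < off + 4:
            return (False, None)
        (n,) = struct.unpack_from(">I", raw, off)
        return (True, raw[off + 4:off + 4 + n] != b"none")
    return (True, False)


def make_sample(label, payload, headers=""):
    """Build a CONSTRUCTED PEM-shaped sample; payload is not real key material."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{headers}{b64}\n-----END {label}-----\n"


if __name__ == "__main__":
    enc = "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00\n\n"
    ossh = OPENSSH_MAGIC + struct.pack(">I", 10) + b"aes256-ctr"
    for name, text in [
        ("plain", make_sample("RSA PRIVATE KEY", b"constructed")),
        ("encrypted", make_sample("RSA PRIVATE KEY", b"constructed", enc)),
        ("openssh", make_sample("OPENSSH PRIVATE KEY", ossh)),
        ("no header", base64.b64encode(b"constructed").decode()),
    ]:
        print(name, inspect_private_key(text))
```

Run it on the workstation that holds the key, so the key text is only ever read locally before it is pasted into the Private Key field.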

The Privilege Elevation field cannot currently be set explicitly by the user; its value is determined automatically from the username provided. If the username is exactly 'root', the value will be set to None, while any other username will cause the value to be set to sudo.

The Port field specifies the TCP port the client should connect to when utilizing the credential. Port 22 is the default, and will be automatically populated in the field. Any valid TCP port, with some exceptions, can be entered instead. See the Custom Server Ports section for more information.

Once the credential entry form is completed, select the Add button. This will present a further dialog box, similar to other credential types. This dialog box will present a text form that will be auto-populated with the IP address of the default gateway of the RN150 Virtual Appliance network interface. You can replace this IP address with the IP address of a known system that meets the eligibility requirements, in order to test the operation of the credential against that system. It is highly recommended to test each credential that is entered, and if the credential is valid for a number of systems, it is further recommended to test it against a sample of these systems.

If the Test button is selected, the credential will be attempted against the provided IP address, and if successful, the credential will be added to the list of provided credentials. If the attempt is unsuccessful, the response from the target system will be shown in the dialog box, where you can either select a different IP address to test or select Cancel to alter the configuration of the credential. If the test is not desired, then Skip can be selected to immediately add the credential.

The SSH credential page will display some information about the credentials that have been entered. If an existing credential needs to be modified, select Edit to open a configuration dialog box where the values can be changed. Please note that changing an existing entry will change the credential for all systems in inventory that are mapped to the credential, and can result in a loss of communication with those systems using the SSH Collection Module. If an existing credential needs to be tested against another known system, select Edit, then, without modifying the credential, select Update. This will bring up the testing dialog box described earlier.

If a credential needs to be deleted, then select the Delete button. Please note that deleting a credential will render it unusable for any systems that have been mapped to that credential, and can result in a loss of communication to those systems using the SSH Collection Module.