Using SSH keys

You can use private RSA keys for UNIX-based systems to connect with a specific user. To do so, you must create a user and an RSA key. If you already have a Discovery user that you want to connect to the system (or an LDAP user), start by generating an RSA key.

Create a Discovery user

Log in to the UNIX system with permissions to create a user, then use the following commands to create a user:

  1. Create a user with the login name discousr and a default home directory: useradd discousr -m
  2. Change the password for the user: passwd discousr
  3. Add the user to the sudoers group: adduser discousr sudo
  4. Change to the created user: su - discousr

Generate an RSA key

The Discovery SFTP_RSA export type doesn't support .ppk files.

Before you create a key, you need to create a file named authorized_keys inside the ~/.ssh folder on the remote host. This file will contain the public key (the id_rsa.pub file). If the file already exists, you can append the new public key:

cat "$HOME/.ssh/id_rsa.pub" >> "$HOME/.ssh/authorized_keys"

To generate an RSA key:

  1. Use the following commands:
    1. Generate the RSA key files: ssh-keygen -t rsa -m PEM
    2. Create your private RSA key. This file will be used by the Discovery tool: $HOME/.ssh/id_rsa
    3. Create your public RSA key: $HOME/.ssh/id_rsa.pub
  2. Copy the public RSA key (this is also required for connecting to the host): ssh-copy-id discousr@localhost
  3. Copy the private RSA key file to the system that is running the Discovery tool. For example, create a subfolder at C:\Program Files\Discovery\rsakeys\. You should also rename the id_rsa file (such as discousr_id_rsa) so you can identify the key file for each credential.
  4. Use the private RSA key file as described in Set up Discovery - Credentials.

Known limitations

When you configure the Discovery tool or Collector with the export type SFTP_RSA, you might need to generate a key using the ssh-keygen command. If the algorithm is not accepted by the target system, you may encounter an error similar to this one:

Jul 07 11:42:34 <hostname> sshd[5626]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

Assets Discovery uses the latest version of the SSH.NET library. Check out the list of supported host key algorithms:

  • ssh-ed25519
  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521
  • ssh-rsa
  • ssh-dss

If the ssh-rsa algorithm isn't supported, use one of the other supported algorithms to generate a new key. For example, you can run the following command:

ssh-keygen -t ssh-ed25519 -m PEM
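
The check behind this limitation, as an added example that is not part of the original article or the Discovery tool: it pulls the rejected key type out of sshd log lines and lists the algorithms that both the target accepts and this page lists for Discovery. The function names, the second log line and the accepted-algorithm list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): triage the sshd rejection shown above.

# Algorithms this page lists as supported by the Discovery tool.
DISCOVERY_ALGS="ssh-ed25519 ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-rsa ssh-dss"

# Constructed sample: the log line from this page plus one unrelated line.
SAMPLE_LOG='Jul 07 11:42:34 <hostname> sshd[5626]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Jul 07 11:42:40 <hostname> sshd[5626]: Connection closed by authenticating user discousr [preauth]'

# Constructed sample of a target's accepted list. On a real host whose sshd
# uses the PubkeyAcceptedAlgorithms option name, read it as root with:
#   sshd -T | awk '$1 == "pubkeyacceptedalgorithms" { print $2 }'
SAMPLE_ACCEPTED='ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256'

# Read sshd log lines on stdin; print each rejected key type once.
rejected_key_types() {
  sed -n 's/.*userauth_pubkey: key type \([^ ]*\) not in PubkeyAcceptedAlgorithms.*/\1/p' | sort -u
}

# $1 = comma-separated list accepted by the target's sshd.
# Print the algorithms the target accepts AND the page lists for Discovery.
# Names are compared exactly, so certificate variants do not match.
usable_algs() {
  for alg in $DISCOVERY_ALGS; do
    case ",$1," in
      *",$alg,"*) printf '%s\n' "$alg" ;;
    esac
  done
}

# $1 = log text, $2 = accepted list. One summary line per rejected key type.
triage() {
  choices=$(usable_algs "$2" | tr '\n' ' ')
  printf '%s\n' "$1" | rejected_key_types | while read -r kt; do
    printf 'rejected=%s usable=%s\n' "$kt" "${choices% }"
  done
}

triage "$SAMPLE_LOG" "$SAMPLE_ACCEPTED"
```

An empty usable list means no key type from this page's list will be accepted by that target until its sshd configuration changes.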


Last modified on Feb 18, 2025