
Configuring Linux Operating System Public Key Authentication

 

To scan Linux operating systems by using secure public key authentication, you must configure your JSA console or managed host and the asset that you want to scan. When authentication is configured, you can run authenticated scans by specifying a Linux operating system user name and no password. JSA supports both RSA and DSA for SSH key generation.

You must configure your public key on the device where your vulnerability processor is installed. For more information, see Verifying that a vulnerability processor is deployed.

  1. Using SSH, log in to the JSA console or managed host as the root user.
  2. Generate a public DSA key pair by typing the following command:

    su -m -c 'ssh-keygen -t dsa' qvmuser

  3. Accept the default file by pressing Enter.
  4. Accept the default (empty) passphrase for the DSA key by pressing the Enter key.
  5. Press the Enter key again to confirm.
  6. Copy the public key to the scan target by typing the following command:

    ssh-copy-id -i /home/qvmuser/.ssh/id_dsa.pub root@<IP address>

    Change <IP address> to the IP address of the scan target.

  7. Type the passphrase for the scan target.
  8. Check that the qvmuser account on the console can SSH to the scan target without a passphrase by typing the following command:

    su -m -c 'ssh -o StrictHostKeyChecking=no root@<IP address> ls' qvmuser

    Change <IP address> to the IP address of the scan target.

    A list of the files in the root user's home directory on the scan target is displayed.

Create a scan profile in JSA Vulnerability Manager with user name root without specifying a password and run a patch scan.
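
Because step 4 leaves the private key without a passphrase, file permissions are its only protection, and step 8 alone does not show whether the public key was actually installed. The following checks are an added example, not part of the JSA documentation: the function names are hypothetical, the key path is the one used above, and the location of the scan target's authorized_keys file is an assumption.

```shell
#!/bin/sh
# Added example: offline checks for the passphrase-less scan key created above.
# Function names are illustrative; /home/qvmuser/.ssh/id_dsa comes from the page.

# mode_of PATH: print the 10-character permission string reported by ls.
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# check_private_key DIR [NAME]: succeed only if the .ssh directory and the
# private key are accessible by the owner alone.
check_private_key() {
    dir=$1
    key=$dir/${2:-id_dsa}
    rc=0
    [ "$(mode_of "$dir")" = "drwx------" ] || { echo "FAIL: $dir should be mode 700"; rc=1; }
    [ -f "$key" ] || { echo "FAIL: $key is missing"; return 1; }
    case "$(mode_of "$key")" in
        -rw-------|-r--------) ;;
        *) echo "FAIL: $key should be mode 600"; rc=1 ;;
    esac
    return $rc
}

# key_installed PUBFILE AUTHFILE: succeed if the base64 key blob (field 2 of
# the .pub file) appears as a whole field in the authorized_keys file.
# Intended for the scan target, with a copy of id_dsa.pub and (assumed
# location) /root/.ssh/authorized_keys.
key_installed() {
    blob=$(awk 'NR==1 {print $2}' "$1")
    [ -n "$blob" ] || return 1
    awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                      END { exit !found }' "$2"
}

# Run as: sh check_scan_key.sh /home/qvmuser/.ssh
[ $# -eq 0 ] || check_private_key "$1"
```

Both functions return a non-zero status on failure, so they can gate a scheduled job that alerts when the key file's permissions drift.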