| Role Availability | Read-Only | Investigator | Analyst | Manager |
-
Go to Settings > Credentials.
-
Click New Credentials.
The Add New Credential dialog box opens.
- Enter a name for the credential in the Name field and, if desired, a description to clarify its use in the Description field.
-
In Credential Type, select or Windows RM based on the of the asset.
Windows RM
Use the Windows RM credential for a Windows operating system. After selecting Windows RM, complete these fields:Important: Only members of the Administrators or Remote Management Users groups are able to log in through WS-Management. The account used to log in to the target system must have remote and local log-on rights. See Setting Log on Locally and the Security Policy for more information.-
Username: Enter the username for the account with the required privileges.
Important: The username must have 20 characters or less.
- Password: Enter the password for the user account.
-
Domain: (Optional.) Enter the domain name registered in the Domain Name System (DNS).
Note: Use a fully qualified domain name (FQDN) instead of a Network Basic Input/Output System (NetBIOS) name. If you use a NetBIOS name, you will get an invalid SSH gateway error.
-
Port: If an alternative port number is required, enter the port number. The default port, 5985, is standard.
SSH
Use the SSH credential for a Linux, Apple macOS, or any other device that supports an SSH connection. After selecting SSH, complete these fields:- Username: Enter the username for the account with the required privileges.
-
Authentication method: Set the SSH authentication mode and enter the password, private key, or both.
- Password: Select this option to use a simple password to authenticate the user account. It is mandatory if you do not use a .
- Private key (no passphrase): Select this option to use a private key to authenticate the user account.
- Private key with passphrase: Select this option to use a private key and password combination to authenticate the user account.
Important: A private key must start with an appropriate header, such as “-----BEGIN RSA PRIVATE KEY----” and “-----END RSA PRIVATE KEY-----”. Always copy the in the form with the header. - Password: This field only appears if you select Password as authentication method. Enter the password that authenticates the user.
-
Privilege elevation: Select the elevated privilege to use for the credentials.
-
: Use this option to run single commands with root privileges. For example:
-
su: Use this option to run single commands with superuser privileges. This requires you to enter the username and password for the superuser account. For example:
-
: Use this option to run single commands with root privileges. For example:
-
Port: This is automatically set (SSH listens on 22 by default) and cannot be changed.
-
Username: Enter the username for the account with the required privileges.
- Click Save.
SSH Key Manual Generation
SSH Key Manual Generation
There are a variety of ways to create an SSH key, and your company may already have predefined rules regarding an algorithm to use and what strength the key needs to be. However, if you need to create an SSH key manually and don’t have a predefined company policy for the creation of the SSH key, you can use the following procedure to make a basic RSA SSH key to add to your credentials.To create an SSH key manually
- Open the command line for Linux or Terminal for macOS.
-
Enter
ssh-keykento create a 2048-bit SSH key orssh-keygen -b 4096to create a 4096-bit SSH key, and then press Enter. The command line prompts you to specify a file location. -
Press Enter to use the default location (
/home/<username>/.ssh/id_rsafor Linux, or/users/<username>/.ssh/id_rsafor macOS), or designate another location for the file. The command line prompts you to specify a passphrase and enter it again to confirm it. - Specify a passphrase or, if you don’t want to use a passphrase, leave the line blank, and then press Enter.
- The SSH key is saved to either the default location or the location you specified.