Creating an SSH integration
An SSH integration provides an integration to the system where scripts and commands can be run. The integration is agentless and connects directly to the target machine. It authenticates by using SSH public key authentication.
Note: You can only create one SSH integration. Also, you must have an account with administrator role to create, edit, view, or delete an SSH integration.
Before configuring, you need to provide the following information:
- General integration information
If you are using a jump server (optional), you must configure it. Depending on your environment, you might require a jump server to access your target endpoints. A jump server is an SSH endpoint that is used to connect to the nested SSH endpoints.
This is a common approach that is used to communicate between different network zones. To use a jump server with RBA, it must have an SSH server that is running and the nc command must be available. This is used to connect to nested SSH target endpoints.
Jump server configuration information:
- Host name/IP Address: The hostname or IP address of the jump server.
- Port Number: The SSH port of the jump server.
- Username: The username for authentication on the jump server.
- Password: The password for authentication on the jump server.
Figure. Create SSH integration
Any integrations to SSH target endpoints use the specified jump server.
For more information about HTTP headers for the various credential types, see HTTP headers for credential types.
Creating an SSH integration
To create an SSH integration, complete the following steps:
- Log in to IBM Cloud Pak for AIOps console.
- Expand the navigation menu (four horizontal bars), then click Define > Integrations.
- On the Integrations page, click Add integration.
- From the list of available integrations, find and click the SSH tile.
Note: If you do not immediately see the integration that you want to create, you can filter the tiles by type of integration. Click the type of integration that you want in the Category section.
- On the side-panel, review the instructions and when ready to continue, click Get started.
- On your target machine, register the default public key to enable access to the target endpoints through SSH for all users.
Configuring SSH public key authentication for the UNIX root user
The displayed public key must be added to all target machines that you plan to run scripts on through the SSH Provider. This key enables any RBA user to run script automations on the given target endpoint. The key must be added to the authorized_keys file, which is usually found at /root/.ssh/authorized_keys.
Configuring SSH public key authentication for a specific UNIX user
If you want to enforce that only a specific UNIX user can run the script on this target endpoint, copy the key to the authorized_keys file in the home directory of that user, for example /home/john/.ssh/authorized_keys.
You can regenerate the public key by clicking the refresh button in the upper right corner of the public key.
Note: Regenerating the public key deletes the old key pair. If you choose to regenerate the key pair, you must exchange the public key in each target machine that you plan to access through the SSH Provider.
- On the Manage SSH Keys tab that opens, the SSH field shows the default public key for SSH. Click the Copy SSH key symbol to copy this key, then append it to the authorized_keys file on each target system, for example ~/.ssh/authorized_keys.
Figure. Manage SSH keys
An example of an SSH key is:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDuZkPxIyYH9NrfLEBkIGdwc6frF7WgR9vKZavE97GlTfAAZVhqoTsXO2jLo28sNC7+8wkOYnFEdfBff9tcQPx/lc3d1df35/hJIT0a3jeHxw8YrU3/y6QIzynVvSgcQfKzB33wdN7n8xC5ZPWKXEWM7FbP58kOdzHw7f8fbBIKlPRc9SOUrC0JGvndVvpHOU7x8S3q9EJlD2nKaozA6yu2mcH38CLTNCBRRwbPZ+rxBxWdvJ4mMWvWtJe4lt50W2zAGCIscLKLbyyMGp/DCcJFsMhkOetBDuxAfL1ZkO7rXPT5vK5Fp6549OPDXjqfHKEJ+9WASZD2ui1qmCdeQpUN
Note: Every time that you generate a new key, you must register the new key again on all target systems.
- Click Next.
- The Define a jumpserver (Optional) tab opens. Set the Enable jumpserver toggle to 'On' if you want to provide this information. The following fields show:
- Host name or IP address: The hostname or IP address of the jump server.
- Port Number: The SSH port of the jump server.
- User ID: The username for authentication on the jump server.
- Password: The password for authentication on the jump server.
- Click Done.
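The key registration step above, and the key exchange that is needed after the key pair is regenerated, can be scripted on each target. The following is an added example, not IBM's code; the function names and the key file names in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: idempotent key registration and key exchange on a target.
# Arguments: $1 = one public key line, $2 = home directory of the UNIX user.
NL='
'
KEY_RE='^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'

# True only for exactly one "type base64 [comment]" line.
is_pubkey_line() {
    case $1 in *"$NL"*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq "$KEY_RE"
}

# Append the key once, with the owner-only modes that sshd StrictModes expects.
install_pubkey() {
    key=$1; file=$2/.ssh/authorized_keys
    is_pubkey_line "$key" || { echo "not a public key line" >&2; return 2; }
    mkdir -p "$2/.ssh" && chmod 700 "$2/.ssh" || return 1
    touch "$file" && chmod 600 "$file" || return 1
    # An existing file without a trailing newline would swallow the new entry.
    if [ -s "$file" ] && [ -n "$(tail -c1 "$file")" ]; then echo >> "$file"; fi
    # Match on "type base64" so a different comment is not a new entry.
    blob=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if grep -Fq -- "$blob" "$file"; then return 0; fi
    printf '%s\n' "$key" >> "$file"
}

# Drop every line carrying the old key after the key pair is regenerated.
remove_pubkey() {
    # Validate first: an empty pattern would match, and delete, every line.
    is_pubkey_line "$1" || { echo "not a public key line" >&2; return 2; }
    blob=$(printf '%s\n' "$1" | cut -d' ' -f1,2)
    file=$2/.ssh/authorized_keys
    [ -f "$file" ] || return 0
    tmp=$(mktemp "$file.XXXXXX") || return 1
    # grep -v exits 1 when no other keys remain; only status 2 is an error.
    grep -Fv -- "$blob" "$file" > "$tmp" || [ $? -eq 1 ] ||
        { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp" && mv "$tmp" "$file"
}

# Usage on a target, as the user that owns the home directory:
#   install_pubkey "$(cat rba_key.pub)" /home/john
#   remove_pubkey  "$(cat rba_key_old.pub)" /home/john
```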
Editing an SSH integration
After you create your integration, you can edit the integration. To edit an integration, complete the following steps:
- Log in to IBM Cloud Pak for AIOps console.
- Expand the navigation menu (four horizontal bars), then click Define > Integrations.
- Click the SSH integration type on the Manage integrations tab of the Integrations page.
- On the SSH integrations page, click the name of the integration that you want to edit. Alternatively, you can click the options menu (three vertical dots) for the integration and click Edit. The integration configuration opens.
- Edit your integration. Click Next to go through the integration configuration pages. Click Save when you are done editing.
Deleting an SSH integration
If you no longer need your SSH integration and want to delete it entirely, you can delete the integration from the console.
To delete an integration, complete the following steps:
- Log in to IBM Cloud Pak for AIOps console.
- Expand the navigation menu (four horizontal bars), then click Define > Integrations.
- Click the SSH integration type on the Manage integrations tab of the Integrations page.
- On the SSH integrations page, click the options menu (three vertical dots) for the integration that you want to delete and click Delete.
- Enter the name of the integration to confirm that you want to delete your integration. Then, click Delete.
Your integration is deleted.