Configuring Linux operating system public key authentication

To scan Linux® operating systems by using secure public key authentication, you must configure your IBM® QRadar® console or managed host and the asset that you want to scan. When authentication is configured, you can do authenticated scanning by specifying a Linux operating system user name and not specifying a password. QRadar supports both rsa and dsa for SSH key generation.

Before you begin

You must install a public and private key on a QVM scanner, and install the public key on the scan target.

A QVM scanner is automatically installed on a QVM processor host, and might also be installed on other managed hosts.

The user account on the scan target must have a login shell and must be capable of running the commands that are required for a patch scan on the target. For more information, see Enabling permissions for Linux or UNIX patch scans.

This procedure describes how to configure a single public/private key pair and transfer them to a QVM scanner and scan target.

Procedure

  1. Using SSH, log in to the QRadar console as the root user.
  2. Generate a public/private key pair by typing the following command:

    su -m -c 'ssh-keygen -t <key_type>' qvmuser

    Note: <key_type> is either dsa or rsa.
  3. Accept the default file by pressing Enter.
  4. Accept the default passphrase by pressing Enter.
  5. Press Enter again to confirm.
  6. Copy the public and private keys to all managed hosts on which a QVM scanner is installed.

    cd /home/qvmuser/.ssh

    rsync -ogp id_<key_type> id_<key_type>.pub <IP address>:/home/qvmuser/.ssh
    • Replace <key_type> with dsa or rsa.
    • Replace <IP address> with the IP address of the scanner and enter the root password when prompted.
    Note: The QVM processor includes a scanner. If the processor is not running on the QRadar console, you must also transfer the keys to the QVM processor.
  7. Copy the public key to the scan target by typing the following command:

    cd /home/qvmuser/.ssh

    ssh-copy-id -i id_<key_type>.pub <user>@<IP address>
    • <key_type> – dsa or rsa.
    • <IP address> – the IP address of the scan target.
    • <user> – the user on the scan target.
  8. Type the user password for the scan target.
  9. Check that the qvmuser account on the QVM scanner can SSH to the scan target without a password by typing the following command:

    su -m -c 'ssh -o StrictHostKeyChecking=no <user>@<IP address> ls' qvmuser

    • <IP address> – the IP address of the scan target.
    • <user> – the user on the scan target.

    A list of the files in the user's home directory on the scan target is displayed.
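The following script is an added example for checking the result of steps 2 to 7; it is not part of the IBM documentation or the QVM product. It assumes the key files live under a directory you pass in (the procedure uses /home/qvmuser/.ssh) and that GNU coreutils `stat` is available, which is the case on QRadar hosts. It verifies the three things that most often make the step 9 test fail silently: the key type is one QRadar supports, the private key and .ssh directory have permissions that ssh will accept, and the scanner's public key really is in the target's authorized_keys. The `make_fixture` function builds constructed placeholder files so the checks can be run offline; the key material in it is not a real key.

```bash
#!/bin/bash
# Added example (not IBM/QRadar code): post-configuration checks for the
# qvmuser key pair used in the public key authentication procedure.

# validate_key_type KEY_TYPE
# Returns 0 only for the two key types the page says QRadar supports.
validate_key_type() {
  case "$1" in
    rsa|dsa) return 0 ;;
    *) return 1 ;;
  esac
}

# check_key_perms DIR KEY_TYPE
# Confirms id_<key_type> and id_<key_type>.pub exist in DIR and that the
# modes are ones the ssh client accepts: DIR must be 700 and the private
# key 600 (ssh refuses a private key that is group/world readable).
check_key_perms() {
  dir="$1"; ktype="$2"
  validate_key_type "$ktype" || { echo "unsupported key type: $ktype"; return 1; }
  priv="$dir/id_$ktype"; pub="$dir/id_$ktype.pub"
  [ -f "$priv" ] || { echo "missing private key $priv"; return 1; }
  [ -f "$pub" ]  || { echo "missing public key $pub"; return 1; }
  dmode=$(stat -c '%a' "$dir")    # GNU stat (Linux)
  pmode=$(stat -c '%a' "$priv")
  [ "$dmode" = "700" ] || { echo "$dir mode is $dmode, expected 700"; return 1; }
  [ "$pmode" = "600" ] || { echo "$priv mode is $pmode, expected 600"; return 1; }
  return 0
}

# key_authorized PUBKEY_FILE AUTHORIZED_KEYS_FILE
# Checks that the scanner's public key (type and base64 blob; the trailing
# comment is ignored) is present as a whole line in the target's
# authorized_keys, which is what ssh-copy-id in step 7 should have produced.
key_authorized() {
  blob=$(awk '{print $1" "$2}' "$1")
  awk '{print $1" "$2}' "$2" | grep -qxF "$blob"
}

# make_fixture BASE_DIR
# Builds a constructed scanner-side .ssh directory and a constructed
# target-side authorized_keys file under BASE_DIR for offline testing.
# The key strings are placeholders, not real key material.
make_fixture() {
  base="$1"
  mkdir -p "$base/.ssh" && chmod 700 "$base/.ssh"
  printf 'PLACEHOLDER-PRIVATE-KEY\n' > "$base/.ssh/id_rsa"
  chmod 600 "$base/.ssh/id_rsa"
  printf 'ssh-rsa CONSTRUCTED-BLOB qvmuser@qradar\n' > "$base/.ssh/id_rsa.pub"
  chmod 644 "$base/.ssh/id_rsa.pub"
  # Target side: the scanner key plus an unrelated admin key.
  printf 'ssh-rsa CONSTRUCTED-BLOB qvmuser@qradar\nssh-rsa OTHER-BLOB admin@laptop\n' \
    > "$base/authorized_keys"
}

# Stand-alone demonstration against the constructed fixture.
demo_dir=$(mktemp -d)
make_fixture "$demo_dir"
check_key_perms "$demo_dir/.ssh" rsa && echo "scanner key files OK"
key_authorized "$demo_dir/.ssh/id_rsa.pub" "$demo_dir/authorized_keys" \
  && echo "scanner key is authorized on target"
rm -rf "$demo_dir"
```

On a real deployment, run `check_key_perms /home/qvmuser/.ssh rsa` (or `dsa`) as root on every managed host that received the keys in step 6, and run `key_authorized` on the scan target with the copied public key and the target user's `~/.ssh/authorized_keys`; if both pass but step 9 still prompts for a password, the remaining suspects are the target's sshd configuration and the login shell requirement noted in Before you begin.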

What to do next

Create a scan profile in QRadar Vulnerability Manager with the user name of the user on the scan target, without specifying a password, and run a patch scan.