Question & Answer
Question
How is Secure Shell or SSH used in QRadar?
Answer
Secure Shell or Secure Socket Shell (SSH) is a networking protocol that allows two hosts to securely communicate with each other. QRadar uses SSH to establish connections with the managed hosts and, by default, is configured with public key-based authentication over port 22.
This article provides links to basic information regarding QRadar's usage of SSH, how-to articles for managing your SSH settings, and troubleshooting articles for when you encounter issues with connectivity.
General information:
- QRadar: What is public key-based authentication?
- QRadar: What are SSH tunnels?
- QRadar: Can the default SSH Port in QRadar be changed?
- QRadar: Tunnel services in version 7.4.x
How-to(s):
- QRadar: How to disable or enable SSH tunnels
- QRadar: How to disable or enable encryption compression
- QRadar: How to disable or enable remote tunnel initiation
- QRadar: Checking SSH connectivity to ensure a connection can be formed
- QRadar: Verifying SSH connectivity to the target Managed Host
Troubleshooting:
- QRadar: Troubleshooting SSH when connections cannot be established
- QRadar: SSH fails with error "no matching cipher found"
- QRadar: SSH fails with error "Offending ECDSA key in /root/.ssh/known_hosts:"
- QRadar: SSH to host fails with error "No ECDSA host key is known for <Remote Host IP> and you have requested strict checking"
- QRadar: Troubleshooting connectivity issues when bidirectional communication is not allowed between appliances
- QRadar: SSH connection is closed with error "Server unexpectedly closed network connection"
- QRadar: Network connectivity issues when using virtual appliances with dynamic MAC address
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtNAAQ","label":"Deployment"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
13 July 2023
UID
ibm16995245