IBM Support

QRadar: About Secure Shell (SSH)

Question & Answer


Question

How is Secure Shell or SSH used in QRadar?

Answer

Secure Shell or Secure Socket Shell (SSH) is a networking protocol that allows two hosts to securely communicate with each other. QRadar uses SSH to establish connections with the managed hosts and, by default, SSH is configured with public key-based authentication over port 22.

This article provides links to basic information about how QRadar uses SSH, how-to articles for managing your SSH settings, and troubleshooting articles for connectivity issues.

General information:

  1. QRadar: What is public key-based authentication?
  2. QRadar: What are SSH tunnels?
  3. QRadar: Can the default SSH Port in QRadar be changed?
  4. QRadar: Tunnel services in version 7.4.x


How-to(s):

  1. QRadar: How to disable or enable SSH tunnels
  2. QRadar: How to disable or enable encryption compression
  3. QRadar: How to disable or enable remote tunnel initiation
  4. QRadar: Checking SSH connectivity to ensure a connection can be formed
  5. QRadar: Verifying SSH connectivity to the target Managed Host


Troubleshooting:

  1. QRadar: Troubleshooting SSH when connections cannot be established
  2. QRadar: SSH fails with error "no matching cipher found"
  3. QRadar: SSH fails with error "Offending ECDSA key in /root/.ssh/known_hosts:"
  4. QRadar: SSH to host fails with error "No ECDSA host key is known for <Remote Host IP> and you have requested strict checking"
  5. QRadar: Troubleshooting connectivity issues when bidirectional communication is not allowed between appliances
  6. QRadar: SSH connection is closed with error "Server unexpectedly closed network connection"
  7. QRadar: Network connectivity issues when using virtual appliances with dynamic MAC address


Document Information

Modified date: 13 July 2023

UID: ibm16995245