IBM Support

QRadar: SSH connection to managed host prompts for password



The SSH connectivity to a remote host prompts for a password and the connection is not established until administrator enters the remote host's password.


Trying to establish an SSH session to the host fails with the following error:
[root@console ~]# ssh <remote_host>
root@<remote_host>'s password:


The console's public key is not in the remote host's authorized_keys file.

Resolving The Problem

Administrators use the ssh-copy-id to copy the console's public key into the /root/.ssh/authorized_keys file in the remote host:
  1. Use SSH to log in to the QRadar Console as the root user.
  2. Run the ssh-copy-id command to copy the console's public key:
    Note: Replace <remote_host> with the IPv4 address of the remote host.
    ssh-copy-id <remote_host>
    Output example:
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    root@<remote_host>'s password:
    Number of key(s) added: 1
    Now try logging into the machine, with:   "ssh '<remote_host>'"
    and check to make sure that only the key(s) you wanted were added.
    The console's public key is appended to the remote host's authorized_keys. For more information about public-based authentication, see QRadar: What is public key authentication?

Document Location


[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtNAAQ","label":"Deployment"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]

Document Information

Modified date:
13 July 2023