How to get Linux and Unix inventory using RSA Key Pairs


SSH introduced public key authentication as a more secure alternative to the older .rhosts authentication. It improved security by avoiding the need to have the password stored in files, and eliminated the possibility of a compromised server stealing the user's password. RSA key-based authentication may be used with Certero instead of a traditional username and password when performing an inventory on Linux and Unix servers.

Using ssh-keygen to Create RSA Key Pairs

There is a good article here on how to use the built-in ssh-keygen utility on a Linux server:

https://www.ssh.com/ssh/keygen

Note that with Certero, you will need to use the RSA algorithm with a key size of 2048 bits. The command line to create a key of this type using ssh-keygen would be:

ssh-keygen -m PEM -t rsa -b 2048

With Certero version 8.2.84.38062, support has been added for the stronger SHA2 signature algorithms with a key size of 4096 bits. The command line to create a key of this type using ssh-keygen would be:

ssh-keygen -t rsa-sha2-512 -b 4096 -m pem

Note that you may need to use different keys for different servers. For example, RSA SHA1 keys are not supported by default on Red Hat 9 and Ubuntu 22, and it is likely that older versions of Linux do not support SHA2 keys.

You will need to enter a passphrase (similar to a password) for the private key. A good passphrase should have at least 15, preferably 20, characters and be difficult to guess. It should contain upper case letters, lower case letters, digits, and preferably at least one punctuation character. N.B. The passphrase should be stored in a secure location.

The ssh-keygen command will create two files:

Private Key:

id_rsa

Public Key:

id_rsa.pub

You can copy the keys from the Linux server using tools such as WinSCP.
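A check worth running on the server before the private key is copied off and uploaded, as an added example (not Certero's or OpenSSH's own code): it confirms from the file headers that the key is in the traditional PEM format that `-m PEM` writes, that a passphrase was set, and that the file is not readable by group or others. The function names are hypothetical, and treating a non-PEM key as a failure is an assumption based on the commands above.

```shell
#!/bin/sh
# Added example: checks on a private key before it is uploaded.

# Classify a private key by its text headers only (key material is not parsed).
# Prints: pem-rsa-encrypted | pem-rsa-plain | openssh | unknown
key_format() {
    first=$(sed -n '1p' "$1")
    case "$first" in
        "-----BEGIN RSA PRIVATE KEY-----")
            # Traditional PEM records passphrase protection in a header line.
            if sed -n '2p' "$1" | grep -q '^Proc-Type: 4,ENCRYPTED'; then
                echo pem-rsa-encrypted
            else
                echo pem-rsa-plain
            fi ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----")
            echo openssh ;;   # what current ssh-keygen writes without -m PEM
        *)
            echo unknown ;;
    esac
}

# Bit length read from the public half; ssh-keygen -l prints
# "<bits> <fingerprint> <comment> (RSA)".
key_bits() {
    ssh-keygen -l -f "$1" | awk '{print $1}'
}

# Return 0 only for a passphrase-protected PEM key with no group/other access.
check_private_key() {
    fmt=$(key_format "$1")
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -l "$1" | cut -c5-10)
    [ "$fmt" = "pem-rsa-encrypted" ] || { echo "$1: format is $fmt" >&2; return 1; }
    [ "$perms" = "------" ] || { echo "$1: readable beyond owner" >&2; return 1; }
    return 0
}

# Usage: sh check_key.sh id_rsa   (expects id_rsa.pub beside it)
if [ -n "${1:-}" ]; then
    check_private_key "$1" && echo "$1: $(key_bits "$1.pub") bits, PEM, passphrase set"
fi
```

The reported bit length should match the `-b` value used when the key was created (2048 or 4096 in the commands above).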

Copying the Public Key to the Linux or Unix Server

To use public-key authentication, the public key must be copied to a server and installed in an authorized_keys file. There is an article on how to do this here:

https://www.ssh.com/ssh/authorized_keys/openssh

Uploading Private Keys into Certero

Private keys can be uploaded into Certero under Client Management:

  • Go to Client Management > RSA Private Keys

  • Click New

  • Give the key a Name and Description

  • Click the magnifying glass to browse to the location of the Private Key (id_rsa)

  • Enter the Passphrase

  • Click Save to save the key

Once the private key has been uploaded into Certero it can be used in Credential sets.