Creating RHEL asset with imported SSH key using Safeguard-PS

Dear Support, community

What we'd need to do is import (create) a new Red Hat (RHEL) asset in Safeguard, using Safeguard-PS (because we're speaking of numbers in the hundreds here, so we can't do it manually through the GUI).

We have already used Safeguard-PS before to automate the onboarding of new Oracle Assets using a password and this worked great! However, I'm having a bit of trouble with onboarding the RHEL assets because of the following issues:

When importing through the GUI, I need to select the option "Import an SSH Key that I will deploy myself" because the service account has been created on the target systems with a specific key. When using this option, you need to give the service account name, then have to import the ppk (private key file) and enter the password for this ppk file. I can't figure out how to use this type of Asset creation through Safeguard-PS or how I could automate it for mass importing.

I have searched the forums before posting this but I can't seem to find any entries with this specific question / issue. I have gotten this far with the safeguard-ps command:

New-SafeguardAsset -DisplayName "example RHEL server" -Description "Access to the Linux server example RHEL server" -AssetPartition "Linux" -Platform "RHEL" -ServiceAccountCredentialType "SSH Key" -ServiceAccountName "pam001s" -ServiceAccountSecretKey "[PPK contents pasted here in plain text]" -ServiceAccountPassword "ExamplePassword123 [password of the PPK file]" -NetworkAddress "ExampleRHEL.corporate.company" -NoSslEncryption

Can you please give some pointers on how to mass-import using the option "Import an SSH Key that I will deploy myself"?

Thanks!

Robert Devald

  • Hi Tawfiq

    Thanks for your quick response! We run 7.0.2.1 LTS so I have tried with the CSV method as well just now, but the CSV import still goes through Safeguard-PS and I'm still missing the parameters to specify that I want to onboard the Asset with a service account that has an existing key (with a password). Is there no parameter that exists for this?

    Or should we do it in two steps where:
    1) We onboard all the desired assets with no service account (or any accounts for that matter)
    2) We onboard all the service accounts separately with the New-SafeguardAssetAccount command (I created a template for this one and with this one I also don't seem to have the needed parameters for this). I also checked New-SafeguardDirectoryAccount parameters and can't see the option here either.

    Am I missing something crucial here? Or is it not possible to add assets with service accounts with existing SSH keys through Safeguard-PS?

    Thanks!

    Robert

  • One more quick entry to this as a response, you said:

    "[The] ServiceAccountPassword parameter is referring to the actual account password (if any passwords exist for the account itself) rather than the SSH Key file password in this case."

    I suspected as much but then what parameter does refer to the SSH key password, how can we get this to work with the import? Thanks again!

  • I checked further and it seems what you are looking to accomplish is only possible in the Feature release branch as part of the new mentioned feature allowing Import of Assets via CSV in the Web UI in SPP release v7.4 and above.

    These features will eventually be included in the next major LTS release of v8.0.

    The CSV template from 7.4 has a column header for ConnectionProperties/ServiceAccountSshKey/Passphrase which is the column used for the SSH Key password.

    Thanks!

  • Your response is greatly appreciated! In that case we'll switch over to the feature release branch because we have around 730 assets to import like this and we're not too keen on doing it manually. I hope it will work well with the 7.4.1 version, without too many hiccups along the way.

    Kind regards
    Robert