Overview

LanGuard can make use of public key SSH authentication when scanning Unix based computers. This procedure describes the following steps that are necessary to use this authentication method:

• Create an RSA key pair on the Unix computer id_rsa = private key; id_rsa.pub = public key
• Configure the Unix computer to allow SSH connections via the generated RSA key pair.
• Configure LanGuard to use the private key to connect to the Unix computer.

Process

1. Connect to the Unix computer as the user: root
2. Run the command: ssh-keygen -t rsa.
3. Confirm the default output file: /root/.ssh/id_rsa
4. Do not enter a passphrase; press enter to indicate No Passphrase. 
5. Press enter again to confirm.
6. Type cd /root/.ssh to change into the directory.
   • NOTE: There is a period in the directory name.
7. Type ls and press enter.
   • NOTE: You should see the id_rsa and id_rsa.pub keys in the .ssh directory.
8. Type cp authorized_keys authorized_keys_backup and press enter.
   • NOTE: The file authorized_keys holds the public keys of key pairs that are allowed to connect to the SSH server.
9. Type cat id_rsa.pub >> authorized_keys and press enter.
   • NOTE: This command appends the public key that was created in the beginning to the authorized_keys file.
10. Type pico id_rsa and press enter.
    • NOTE: This opens the private key in a text editor.
11. Copy and paste the contents of this file to a notepad on the LanGuard server.
    • NOTE: Do not attempt to transcribe the contents by typing it. Once it is copied, press Ctrl+X to quit Pico and choose NO when asked to save the file. Save the notepad file in a safe place on the LanGuard server's desktop. Ensure that it does not have the .txt extension by placing double quotes around the file name. For the purpose of these instructions, we'll call the file id_rsa.
12. Open the LanGuard console and access the Scan tab.
13. Type in the hostname or IP of the Unix computer.
14. Open the credentials' drop-down list and choose A private key file.
15. Enter the user name: root
16. Point the key file field to the copied id_rsa private key file.
17. Click Scan.
18. Check the scan results and errors; make sure the information is collected and that there are no SSH connection errors.

If the connection fails, it can be tested via an SSH client PuTTY:

1. Download PuTTY.
2. Extract the file to a folder on the LanGuard server.
3. Run the command: PuttyGen.exe
4. Go to File > Load Private Key.
5. Load the id_rsa file.
6. Click Save Private Key.
   • NOTE: This saves the private key in a format that PuTTY supports. Name the file id_rsa.ppk with the addition of the extension PPK.
7. Close PuttyGen.
8. Launch the application: Putty.exe
9. Enter the hostname or IP address of your Unix computer.
10. From the left hand side, choose Connection > SSH > AUTH.
11. Under Private key file for authentication choose id_rsa.ppk file created with puttygen.exe.
12. Click Open.
13. Enter user name: root

NOTE: The connection should be established without being prompted for a password.