Chapter 5. Configuring and maintaining Discovery
After installation is complete, you might have to complete other steps to configure or maintain Discovery. The options that you choose during installation and the way in which you use Discovery can determine the types of configuration and maintenance tasks that you need to perform.
Learn more
If you are going to run network scans with credentials that include SSH keys as the authentication method, then the Discovery application must have access to the keyfile information. To learn more about adding SSH keys to the Discovery application, see the following information:
5.1. Adding SSH keys to the Discovery server for network scans
When you configure sources and credentials for a network scan, you select the type of credential to use to authenticate to the network assets that are being scanned. One of the available options for the credential is to authenticate with a username and SSH keyfile. If you choose this option, you must add a copy of the private key to a specific directory on the server so that Discovery can authenticate to those assets and complete the processes that occur during a scan.
You might have to perform these steps as an ongoing maintenance task as you create and refine the credentials needed for your network scans.
Each SSH private key provided must be copied into the directory that was mapped to the /sshkeys path on the server container during the Discovery server installation. In other words, the SSH private key must be copied to your file system at the mount point where the container will look for it. The default path for this mount point directory is "${HOME}"/.local/share/discovery/sshkeys on the system where Discovery is installed. That file path is a shared volume to the container at discovery:/sshkeys.
This process is required because the container must have a standardized mount point to map to the container volume during container initialization. Using a standardized mount point is required for security reasons. A container should never have full access to your entire file system. When you are using the Discovery command line interface or the graphical user interface, using the full path to a resource will result in an error stating that the file is not a valid file on the file system. This message occurs because the container searches for the path on its own file system, not at the full path that is passed to it.
When you or other Discovery users are using the graphical user interface to create network credentials that use SSH, the field that requires the mount point directory location is the SSH Key File field. For the command line interface, it is the --sshkeyfile argument. For both of these options, the default value of the mount point directory is "${HOME}"/.local/share/discovery/sshkeys.
Procedure
To add an SSH keyfile to the Discovery server:
- Copy the private key from the keyfile, using the copy method of your choice.
- Add the private key to the "${HOME}"/.local/share/discovery/sshkeys directory on the Discovery server, the default location for this directory at the time of server installation.
- Repeat these steps as needed for all credentials that use SSH keyfiles as the authentication method, including when relevant new credentials are added.
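
The following audit script is an added example, not part of the Discovery documentation or product. It inspects the host directory described above and reports, for each entry, the path under /sshkeys at which the container sees it. It flags symbolic links (whose targets are outside the shared volume), files without a private key header, and files accessible beyond their owner. The function names are hypothetical, and the owner-only permission check reflects general SSH key hygiene, not a requirement stated on this page.

```bash
#!/usr/bin/env bash
# Added example: audit the host directory that Discovery mounts at /sshkeys.
# The default host path and the container mount point are taken from the page.
SSHKEYS_DIR_DEFAULT="${HOME}/.local/share/discovery/sshkeys"
CONTAINER_MOUNT="/sshkeys"

# Map a host keyfile to the path at which the container sees the same file.
container_path() {
    printf '%s/%s\n' "$CONTAINER_MOUNT" "$(basename "$1")"
}

# Print "STATUS<TAB>container-path<TAB>detail" for each entry in the directory.
audit_sshkeys_dir() {
    local dir="${1:-$SSHKEYS_DIR_DEFAULT}" f mode first cpath
    [ -d "$dir" ] || { printf 'ERROR\t%s\tnot a directory\n' "$dir"; return 2; }
    for f in "$dir"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # empty directory: nothing to report
        cpath=$(container_path "$f")
        if [ -L "$f" ]; then
            # The container only sees the shared volume, so a link whose
            # target lives elsewhere on the host does not resolve inside it.
            printf 'SYMLINK\t%s\tpoints to %s\n' "$cpath" "$(readlink "$f")"
            continue
        fi
        [ -f "$f" ] || continue
        first=""
        IFS= read -r first < "$f" || true        # first line only
        case "$first" in
            "-----BEGIN "*"PRIVATE KEY-----") ;;
            *) printf 'NOT_PRIVATE_KEY\t%s\tno private key header\n' "$cpath"
               continue ;;
        esac
        mode=$(stat -c '%a' "$f")                # GNU stat, as shipped on RHEL
        case "$mode" in
            *00) printf 'OK\t%s\tmode %s\n' "$cpath" "$mode" ;;
            *)   printf 'PERMS\t%s\tmode %s grants access beyond the owner\n' "$cpath" "$mode" ;;
        esac
    done
}
```

Source the file and run `audit_sshkeys_dir` with no argument to check the default directory, or pass the directory that was chosen at installation time.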