USM Anywhere enables you to assign credentials to your assets. If the required credential set is not yet defined in USM Anywhere, you must add it before you can associate it with one or more assets. The Credentials page displays a list of all credential sets that are defined and available to be associated with an asset or asset group.
To add a new credential
- Go to Settings > Credentials.
- Click New Credentials.
- Enter a name for the credential in the Name field and, if desired, a description to clarify its use in the Description field.
- In Credential Type, select SSH or Windows RM based on the operating system of the asset.
SSH
Use this credential for Linux or OS X or any other device that supports an SSH connection:
- Username: Enter the username for the account with the required privileges.
- Authentication method: Set the SSH authentication mode and enter the password, private key, or both.
  - Password: Select this option to use a simple password to authenticate the user account. It is mandatory if you do not use a private key.
  - Private key (no passphrase): Select this option to use a private key to authenticate the user account.
  - Private key with passphrase: Select this option to use a private key and password combination to authenticate the user account.
Important: A private key must start with an appropriate header and end with the matching footer, such as "-----BEGIN RSA PRIVATE KEY-----" and "-----END RSA PRIVATE KEY-----". Always copy the certificate into the form with the header.
- Password: This field appears only if you select Password as the authentication method. Enter the password that authenticates the user.
- Privilege elevation: Select the elevated privilege to use for the credentials.
  - sudo: Use this option to run single commands with root privileges.
    sudo 'command1'; sudo 'command2'; sudo 'command3' ...
  - su: Use this option to run single commands with superuser privileges. This requires you to enter the username and password for the superuser account.
    su username -c 'command1'; su username -c 'command2'; su username -c 'command3' ...
  - Cisco IOS Enable Password: Use this option only for vulnerability scans on Cisco IOS devices.
    This requires level 15 privileges, similar to root, for running a vulnerability scan. See Scan Target Platform Support.
- Port: This is automatically set (SSH listens on port 22 by default) and cannot be changed.
Windows RM
Use this credential for Microsoft Windows.
Important: Only members of the Administrators or Remote Management Users groups are able to log in through WS-Management.
Important: The account used to log in to the target system must have remote and local log-on rights. See Setting Log on Locally and the Security Policy for more information.
- Username: Enter the username for the account with the required privileges.
Important: The username must be 20 characters or fewer.
- Password: Enter the password for the user account.
- Domain: (Optional.) Enter the domain name registered in the Domain Name System (DNS).
- Port: If an alternative port number is required, enter the port number. The default port, 5985, is standard.
Note: Use a fully qualified domain name (FQDN) instead of a Network Basic Input/Output System (NetBIOS) name. If you use a NetBIOS name, you will get an invalid SSH gateway error.
- Click Save.
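A pre-flight check for the private key options in the SSH section, added here as an example (it is not part of the original page or of USM Anywhere): it verifies the BEGIN/END lines and reports which authentication method fits the key. It goes beyond the page's RSA example by also recognising PKCS#8 and OpenSSH blocks; whether the form accepts those formats is an assumption, and the function names are hypothetical.

```python
import base64
import re
import struct

# Matches one PEM block: five dashes on each side of the BEGIN and END labels.
PEM_RE = re.compile(
    r"\A-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END ([A-Z0-9 ]+)-----\Z",
    re.DOTALL,
)
MAGIC = b"openssh-key-v1\0"
PLAIN = "Private key (no passphrase)"      # option names as shown on the page
PROTECTED = "Private key with passphrase"

def classify_private_key(text):
    """Return the matching authentication method, or raise ValueError."""
    m = PEM_RE.match(text.strip())
    if not m:
        raise ValueError("BEGIN/END line missing or truncated")
    label, body, end_label = m.groups()
    if label != end_label:
        raise ValueError(f"BEGIN {label} does not match END {end_label}")
    if not label.endswith("PRIVATE KEY"):
        raise ValueError(f"{label} block is not a private key")
    if label == "ENCRYPTED PRIVATE KEY":   # PKCS#8 encrypted form
        return PROTECTED
    if label == "OPENSSH PRIVATE KEY":     # cipher name follows the magic
        blob = base64.b64decode("".join(body.split()))
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            raise ValueError("not an openssh-key-v1 blob")
        (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        return PLAIN if cipher == b"none" else PROTECTED
    # Traditional PEM (RSA, EC, DSA): encryption is declared in a header line.
    return PROTECTED if "Proc-Type: 4,ENCRYPTED" in body else PLAIN

def constructed_openssh(cipher):
    """Constructed sample: OpenSSH header fields only, no key material."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    blob = MAGIC + s(cipher) + s(b"none") + s(b"") + struct.pack(">I", 1)
    b64 = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 +
            "\n-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(classify_private_key(constructed_openssh(b"aes256-ctr")))
    print(classify_private_key(constructed_openssh(b"none")))
```

A header with only four trailing dashes, a mismatched END line, or a public key block all raise ValueError before anything is pasted into the form.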