SSH Integration

To configure an SSH credentialed network scan with BeyondTrust:

  1. Log in to Tenable Security Center.

  2. Click Scanning > Credentials (administrator users) or Scans > Credentials (organizational users).

    The Credentials page appears.

  3. Click Add.

    The Credential Templates page appears.

  4. In the Miscellaneous, API Gateway, Database, SNMP, SSH, or Windows, or Web Authentication sections, click the tile for the specific method you want to configure.

    The Add Credentials configuration page appears.

  5. In the Name box, type a name for the credentials.
  6. In the Description box, type a description for the credentials.
  7. (Optional) Type or select a Tag. For more information, see Tags in the Tenable Security Center User Guide.

  8. Configure each option for the SSH authentication.

    Option Description
    Username The username to log in to the host you want to scan.
    BeyondTrust Host The BeyondTrust IP address or DNS address.
    BeyondTrust Port The port BeyondTrust is listening on.
    BeyondTrust API User The API user provided by BeyondTrust.
    BeyondTrust API Key The API key provided by BeyondTrust.
    Checkout Duration

    The length of time, in minutes, that you want to keep credentials checked out in BeyondTrust. Configure the Checkout duration to exceed the typical duration of your Tenable Security Center scans. If a password from a previous scan is still checked out when a new scan begins, the new scan fails.

    Tip: Configure the password change interval in BeyondTrust so that password changes do not disrupt your Tenable Security Center scans. If BeyondTrust changes a password during a scan, the scan fails.
    Use SSL

    If enabled, Tenable Security Center uses SSL through IIS for secure communications. Configure SSL through IIS in BeyondTrust before enabling this option.
    Verify SSL Certificate

    If enabled, Tenable Security Center validates the SSL certificate. Configure SSL through IIS in BeyondTrust before enabling this option.
    Use Private Key If enabled, Tenable Security Center uses key-based authentication for SSH connections instead of password authentication.
    Use Privilege Escalations

    If enabled, Tenable Security Center uses BeyondTrust for privilege escalation.

  9. Click Submit.

    Tenable Security Center saves your configuration.