SSH Integration

To configure Tenable for Senhasegura using SSH integration:

To configure Tenable for Senhasegura SSH for Tenable Vulnerability Management or Tenable Nessus:

Log in to your Tenable user interface.
In the upper-left corner, click the button.

The left navigation plane appears.
In the left navigation plane, click Scans.

The Scans page appears.
In the upper-right corner of the page, click the Create a Scan button.

The Select a Scan Template page appears.
Select a scan template.

The scan configuration page appears.
In the Name box, type a name for the scan.
In the Targets box, type an IP address, hostname, or range of IP addresses.
(Optional) Add a description, folder location, scanner location, and specify target groups.
Click the Credentials tab.

The Credentials pane appears.
In the Select a Credential menu, select the Host drop-down.
Select SSH.

The Settings pane appears.
In the Auth Type drop-down box, click Tenable for Senhasegura Secret Server.

The Tenable for Senhasegura Secret Server options appear.

Configure each option for the SSH authentication.

Option	Description	Required
Senhasegura Host	The IP address or url for the Senhasegura host.	yes
Senhasegura Port	The port on which the Senhasegura API communicates. By default, Tenable uses 443.	yes
Senhasegura API Client ID	The Client ID for the applicable Senhasegura A2A Application for Oauth 2.0 API authentication.	yes
Senhasegura API Secret ID	The Secret ID for the applicable Senhasegura A2A Application for Oauth 2.0 API authentication.	yes
Senhasegura Credential ID or Identifier	The credential ID or identifier for the credential the you are requesting to retrieve.	yes
Use SSH Key for Target Authentication	The user can select this option to retrieve the SSH Key to authenticate to the target if the configuration is applicable in Senhasegura.	Required if authenticating to target with SSH Key.
Private Key File	The private key used to decrypt encrypted sensitive data from A2A. Note: You can enable encryption of sensitive data in the A2A Application Authorizations. If enabled, you must provide a private key file in the scan credentials. This can be downloaded from the applicable A2A application in Senhasegura.	Required if you have enabled encryption of sensitive data in A2A Application Authorizations.
Escalate Privileges with	Use the drop-down menu to select the privilege elevation method, or select Nothing to skip privilege elevation. Note: Tenable supports multiple options for privilege escalation, including su, su+sudo and sudo. For example, if you select sudo, more fields for sudo user, Escalation Account Name, and Location of su and sudo (directory) are provided and can be completed to support authentication and privilege escalation through Senhasegura. The Escalation Account Name field is then required to complete your privilege escalation. Note: For more information about supported privilege escalation types and their accompanying fields, see the Nessus User Guide, the Tenable Vulnerability Management User Guide, or the Tenable Security Center User Guide.	Required if you wish to escalate privileges.
Escalation account credential ID or identifier	If the escalation account has a different username or password from the least privileged user, enter the credential ID or identifier for the escalation account credential here.	no
HTTPS	This is enabled by default.	yes
Verify SSL Certificate	This is disabled by default.	no

Do one of the following:
- If you want to save without launching the scan, click Save.
- If you want to save and launch the scan immediately, click Save & Launch.
  
  Note: If you scheduled the scan to run at a later time, the Save & Launch option is not available.

To configure Tenable for Senhasegura SSH for Tenable Security Center:

Log in to Tenable Security Center.
Click Scanning > Credentials (administrator users) or Scans > Credentials (organizational users).

The Credentials page appears.
Click Add.

The Credential Templates page appears.
In the Miscellaneous, API Gateway, Database, SNMP, SSH, or Windows, or Web Authentication sections, click the tile for the specific method you want to configure.

The Add Credentials configuration page appears.
In the Name box, type a name for the credentials.
In the Description box, type a description for the credentials.
(Optional) Type or select a Tag. For more information, see Tags in the Tenable Security Center User Guide.

Configure each option for the SSH authentication.

Option	Description	Required
Senhasegura Host	The IP address or url for the Senhasegura host.	yes
Senhasegura Port	The port on which the Senhasegura API communicates. By default, Tenable uses 443.	yes
Senhasegura API Client ID	The Client ID for the applicable Senhasegura A2A Application for Oauth 2.0 API authentication.	yes
Senhasegura API Client Secret ID	The Secret ID for the applicable Senhasegura A2A Application for Oauth 2.0 API authentication.	yes
Senhasegura Credential ID or Identifier	The credential ID or identifier for the credential that you are requesting to retrieve.	yes
Use SSH Key for Target Authentication	The user can select this option to retrieve the SSH Key to authenticate to the target if configuration is applicable in Senhasegura.	Required if authenticating to target with SSH Key.
Private Key File	The Private Key used to decrypt encrypted sensitive data from A2A. Note: You can enable encryption of sensitive data in the A2A Application Authorizations. If enabled, you must provide a private key file in the scan credentials. This can be downloaded from the applicable A2A application in Senhasegura.	Required if you have enabled encryption of sensitive data in A2A Application Authorizations.
Escalate Privileges with	The Private Key used to decrypt encrypted sensitive data from A2A. Note: Tenable supports multiple options for privilege escalation, including su, su+sudo and sudo. For example, if you select sudo, more fields for sudo user, Escalation Account Name, and Location of su and sudo (directory) are provided and can be completed to support authentication and privilege escalation through Senhasegura. The Escalation Account Name field is then required to complete your privilege escalation. Note: For more information about supported privilege escalation types and their accompanying fields, see the Nessus User Guide, the Tenable Vulnerability Management User Guide, or the Tenable Security Center User Guide.	Required if you wish to escalate privileges.
Escalation account credential ID or identifier	If the escalation account has a different username or password from the least privileged user, enter the credential ID or identifier for the escalation account credential here.	no
HTTPS	This is enabled by default.	yes
Use SSL	When enabled, Tenable Security Center uses SSL for secure communications. This setting is enabled by default.	no
Verify SSL Certificate	When enabled, Tenable Security Center validates the SSL certificate. This setting is disabled by default.	no
Privilege Escalation	The Private Key used to decrypt encrypted sensitive data from A2A. Note: Tenable supports multiple options for privilege escalation, including su, su+sudo and sudo. For example, if you select sudo, more fields for sudo user, Escalation Account Name, and Location of su and sudo (directory) are provided and can be completed to support authentication and privilege escalation through Senhasegura. The Escalation Account Name field is then required to complete your privilege escalation. Note: For more information about supported privilege escalation types and their accompanying fields, see Privilege Escalation.	no

Click Submit.

Tenable Security Center saves your configuration.