SSH Integration

To configure SSH integration:

  1. Log in to the Tenable user interface.
  2. Click Scans.
  3. Click + New Scan.

    The My Scans page appears.

  4. Select a scan template.

    The Scan Templates page appears.

    The scan configuration page appears.

  1. In the Name box, type a name for the scan.

  2. In the Targets box, type an IP address, hostname, or range of IP addresses.
  3. (Optional) Add a description, folder location, scanner location, and specify target groups.
  1. Click the Credentials tab.

    The Credentials options appear.

  2. In the Select a Credential menu, select the Host drop-down.
  3. Select SSH.

    The Senhasegura field options appear.

  4. Configure each field for SSH authentication.

    Option Description Required

    Senhasegura Host

    The IP address or url for the Senhasegura host.


    Senhasegura Port

    The port on which the Senhasegura API communicates. By default, Tenable uses 443.


    Senhasegura API Client ID

    The Client ID for the applicable Senhasegura A2A Application for Oauth 2.0 API authentication.


    Senhasegura API Secret ID The Secret ID for the applicable Senhasegura A2A Application for Oauth 2.0 API authentication.


    Senhasegura Credential ID or Identifier The credential ID or identifier for the credential the you are requesting to retrieve.


    Use SSH Key for Target Authentication The user can select this option to retrieve the SSH Key to authenticate to the target if the configuration is applicable in Senhasegura. Required if authenticating to target with SSH Key.

    Private Key File

    The private key used to decrypt encrypted sensitive data from A2A.

    Note: You can enable encryption of sensitive data in the A2A Application Authorizations. If enabled, you must provide a private key file in the scan credentials. This can be downloaded from the applicable A2A application in Senhasegura.

    Required if you have enabled encryption of sensitive data in A2A Application Authorizations.

    Escalate Privileges with

    Use the drop-down menu to select the privilege elevation method, or select Nothing to skip privilege elevation.

    Note: Tenable supports multiple options for privilege escalation, including su, su+sudo and sudo. For example, if you select sudo, more fields for sudo user, Escalation Account Name, and Location of su and sudo (directory) are provided and can be completed to support authentication and privilege escalation through Senhasegura. The Escalation Account Name field is then required to complete your privilege escalation.

    Note: For more information about supported privilege escalation types and their accompanying fields, see the Nessus User Guide, the Tenable Vulnerability Management User Guide, or the Tenable Security Center User Guide.

    Required if you wish to escalate privileges.
    Escalation account credential ID or identifier If the escalation account has a different username or password from the least privileged user, enter the credential ID or identifier for the escalation account credential here. no


    This is enabled by default.


    Verify SSL Certificate

    This is disabled by default.


  1. Click Save.