Manual Key Exchange with Tenable Security Center
A manual key exchange between Tenable Security Center and the Log Correlation Engine is normally not required; however, in some cases where remote root login is prohibited or key exchange debugging is required, you will need to manually exchange the keys.
For the remote Log Correlation Engine to recognize Tenable Security Center, you need to copy the SSH public key of Tenable Security Center and append it to the /opt/lce/.ssh/authorized_keys file on the Log Correlation Engine server. The /opt/lce/daemons/lce-install-key.sh script performs this function.
Note: The Log Correlation Engine server must have a valid license key installed and the Log Correlation Engine daemon must be running before performing the steps below.
To manually exchange the keys with Tenable Security Center:
- In Tenable Security Center, download the Tenable Security Center key, as described in Download the Tenable Security Center SSH Key in the Tenable Security Center User Guide. Both DSA and RSA formats work for this process.
- Save the key file (SSHKey.pub) to your local workstation. Do not edit the file or save it to any specific file type.
- From the workstation where you downloaded the key file, use a secure copy program, such as “scp” or “WinSCP”, to copy the SSHKey.pub file to the Log Correlation Engine system. You will need the credentials of an authorized user on the Tenable Log Correlation Engine server to perform this step. For example, if you have a user “bob” configured on the Log Correlation Engine server (hostname “lceserver”) whose home directory is /home/bob, the command on a Linux or Unix system would be as follows:
    # scp SSHKey.pub bob@lceserver:/home/bob
- After the file is copied to the Log Correlation Engine server, in the command line interface (CLI), run the following command to move the file to /opt/lce/daemons:
    # mv /home/bob/SSHKey.pub /opt/lce/daemons
- On the Log Correlation Engine server, as the root user, run the following command to change the ownership of the SSH key file to "lce":
    # chown lce /opt/lce/daemons/SSHKey.pub
- Run the following commands to append the SSH public key to the “/opt/lce/.ssh/authorized_keys” file:
    # su lce
    # /opt/lce/daemons/lce-install-key.sh /opt/lce/daemons/SSHKey.pub
- To test the communication, as the tns user on the Tenable Security Center system, attempt to run the id command:
    # su tns
    # ssh -C -o PreferredAuthentications=publickey lce@<LCE-IP> id
- If a connection has not been previously established, you will see a warning similar to the following:
    The authenticity of host '192.168.15.82 (192.168.15.82)' can't be established.
    RSA key fingerprint is 86:63:b6:c3:b4:3b:ba:96:5c:b6:d4:42:b5:45:37:7f.
    Are you sure you want to continue connecting (yes/no)?
  Answer “yes” to this prompt.
- If the key exchange worked correctly, a message similar to the following will be displayed:
    uid=251(lce) gid=251(lce) groups=251(lce)
- You can add the IP address of Tenable Security Center to the Log Correlation Engine system’s /etc/hosts file. This prevents the SSH daemon from performing a DNS lookup that can add seconds to your query times.
- Add the Log Correlation Engine to Tenable Security Center, as described in Add a Tenable Log Correlation Engine Server in the Tenable Security Center User Guide.
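The append step in the procedure above is performed by Tenable's own lce-install-key.sh, whose contents this page does not show. As an added example that is not part of this page or of Tenable's code, the following POSIX shell function illustrates the checks a defender would want any such install step to make before a public key is trusted for login: the key file must be a single-line OpenSSH RSA or DSA public key (the two formats the procedure accepts), the .ssh directory and authorized_keys file must carry the permissions sshd requires under StrictModes, and the same key must not be appended twice. The function name, the optional second argument and the count_keys helper are assumptions for this example; the default authorized_keys path is the one named on this page.

```shell
#!/bin/sh
# Added example (hypothetical; not Tenable's lce-install-key.sh).
# Usage: sh install_pubkey.sh SSHKey.pub [/path/to/authorized_keys]
# Second argument defaults to /opt/lce/.ssh/authorized_keys (from the page).

install_pubkey() {
  keyfile="$1"
  authkeys="${2:-/opt/lce/.ssh/authorized_keys}"
  sshdir=$(dirname "$authkeys")

  # The key file must exist; only its first line is taken, so a stray
  # second line (for example an editor's trailing text) is never installed.
  [ -f "$keyfile" ] || { echo "key file not found: $keyfile" >&2; return 1; }
  key=$(head -n 1 "$keyfile")

  # Accept only the OpenSSH public-key types this procedure uses.
  case "$key" in
    ssh-rsa\ *|ssh-dss\ *) ;;
    *) echo "not an OpenSSH RSA/DSA public key: $keyfile" >&2; return 1 ;;
  esac

  # sshd refuses public-key authentication under StrictModes when .ssh
  # or authorized_keys are writable by others, so fix the modes here.
  mkdir -p "$sshdir"
  chmod 700 "$sshdir"
  touch "$authkeys"
  chmod 600 "$authkeys"

  # Idempotent: re-running the install must not duplicate the key.
  if grep -qxF "$key" "$authkeys"; then
    echo "key already present in $authkeys"
    return 0
  fi
  printf '%s\n' "$key" >> "$authkeys"
  echo "key appended to $authkeys"
}

# Number of OpenSSH public keys currently in an authorized_keys file,
# handy when auditing which remote hosts may log in as the lce user.
count_keys() {
  grep -c '^ssh-' "$1"
}

# Run as a script: install the key given on the command line.
if [ "$#" -ge 1 ]; then
  install_pubkey "$@"
fi
```

Running it twice with the same SSHKey.pub leaves exactly one copy of the key in authorized_keys, and a file that is not an OpenSSH public key is rejected before anything is written; the permission fix-up is what keeps the subsequent `ssh -o PreferredAuthentications=publickey` test from failing silently on an over-permissive .ssh directory.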