Link to

During initial installation, you can install Nessus as a remote scanner linked to If you choose not to link the scanner during initial installation, you can link your Nessus scanner later.

Note: If you use domain allow lists for firewalls, Tenable recommends adding * (with the wildcard character) to the allow list. This ensures communication with, which the scanner uses to communicate with

Note: Once you link Nessus to, it remains linked until you unlink it.

Before you begin:

  • Configure Nessus as described in Configure Nessus.
  • If the Nessus scanner is or was previously linked to,, or Nessus Manager, you need to unlink the scanner or run the nessuscli fix --reset-all command (for more information, see Fix Commands).

To link Nessus to from the Nessus user interface:

  1. On the Welcome to Nessus screen, select Managed Scanner.

  2. Click Continue.

    The Managed Scanner screen appears.

  3. From the Managed by drop-down box, select

  4. In the Linking Key box, type the linking key of your instance.
  5. (Optional) If you want to use a proxy, select Use Proxy.

    Configure the proxy settings in Settings.

  6. (Optional) To configure advanced settings such as proxy, plugin feed, and encryption password, click Settings.

    • (Optional) In the Proxy tab:
      1. In the Host box, type the hostname or IP address of your proxy server.
      2. In the Port box, type the port number of the proxy server.

        Note: To view the ports that Tenable products require, see the What ports are required for Tenable products? knowledge base article.
      3. In the Username box, type the name of a user account that has permissions to access and use the proxy server.
      4. In the Password box, type the password of the user account that you specified in the previous step.
      5. In the Auth Method drop-down box, select an authentication method to use for the proxy. If you do not know, select AUTO DETECT.
      6. If your proxy requires a preset user agent, in the User-Agent box, type the user agent name; otherwise, leave it blank.
      7. Click Save.
    • (Optional) In the Plugin Feed tab:
      1. In the Custom Host box, type the hostname or IP address of a custom plugin feed.
      2. Click Save.
    • (Optional) In the Encryption Password tab:
      1. In the Password box, type an encryption password.

        If you set an encryption password, Nessus encrypts all policies, scans results, and scan configurations. You must enter the password when Nessus restarts.

        Caution: If you lose your encryption password, it cannot be recovered by an administrator or Tenable Support.

      2. Click Save.
  7. Click Continue.

    The Create a user account screen appears.

  8. Create a Nessus administrator user account that you use to log in to Nessus:
    1. In the Username box, enter a username.
    2. In the Password box, enter a password for the user account.

      Note: Passwords cannot contain Unicode characters.

  9. Click Submit.

    Nessus finishes the configuration process, which may take several minutes.

  10. Using the administrator user account you created, Sign In to Nessus.

To link Nessus to from the command-line interface (CLI):

If you registered or linked Nessus previously, you need to reset Nessus before linking to

Run the following commands to reset Nessus and link to based on your operating system. To retrieve the linking key needed in the following commands, see Link a Sensor in the user guide.

Note: The --reset-all command used in the following steps removes any existing users, data, settings, and configurations. Tenable recommends exporting scan data and creating a backup before resetting. For more information, see Backing Up Nessus.
Note: When running the adduser command in the following steps, create the user as a full administrator/system administrator when prompted.