Keys allow administrator users to use key-based authentication with a remote Tenable Security Center (remote repository) or between a Tenable Security Center and a Tenable Log Correlation Engine server. This also removes the need for Tenable Security Center administrators to know the administrator login or password of the remote system.
Note: The public key from the local Tenable Security Center must be added to the Keys section of the Tenable Security Center from which you wish to retrieve a repository. If the keys are not added properly, the remote repository add process prompts for the root username and password of the remote host to perform a key exchange before the repository add/sync occurs.
Remote Tenable Log Correlation Engine Key Exchange
A manual key exchange between the Tenable Security Center and the Tenable Log Correlation Engine is normally not required; however, in some cases where remote root login is prohibited or key exchange debugging is required, you must manually exchange the keys.
For the remote Tenable Log Correlation Engine to recognize the Tenable Security Center, you need to copy the SSH public key of the Tenable Security Center and append it to the
/opt/lce/.ssh/authorized_keys file. The
/opt/lce/daemons/lce-install-key.sh script performs this function. For more information, see Manual Log Correlation Engine Key Exchange.