Keys Settings

Keys allow administrator users to use key-based authentication with a remote Tenable Security Center (remote repository) or between a Tenable Security Center and a Tenable Log Correlation Engine server. This also removes the need for Tenable Security Center administrators to know the administrator login or password of the remote system.

Tenable Security Center Director uses Elliptic Curve Digital Signature Algorithm (ECDSA) keys to authenticate to other Tenable Security Center Director instances, and Rivest-Shamir-Adleman (RSA) keys to authenticate to Tenable Log Correlation Engine servers.

Note: The ECDSA public key from the local Tenable Security Center must be added to the Keys section of the Tenable Security Center from which you wish to retrieve a repository. If the keys are not added properly, the remote repository add process prompts for the root username and password of the remote host to perform a key exchange before the repository add/sync occurs.

For more information, see Add a Key, Delete a Key, and Download the Tenable Security Center Director SSH Key.

Remote Tenable Log Correlation Engine Key Exchange

A manual key exchange between the Tenable Security Center and the Tenable Log Correlation Engine is normally not required; however, in some cases where remote root login is prohibited or key exchange debugging is required, you must manually exchange the keys.

For the remote Tenable Log Correlation Engine to recognize the Tenable Security Center, you need to copy the SSH public key of the Tenable Security Center and append it to the /opt/lce/.ssh/authorized_keys file. The /opt/lce/daemons/lce-install-key.sh script performs this function.