Enable SSH Access on the Tenable Virtual Appliance (4.4.x-4.7.x)
Last Revised: February 27, 2018
Table of Contents

Introduction
Requirements
Terminology
Generate the Key File
    Generate a Key for Windows Operating System
        Copy Public Key
    Generate a Key for Mac OS X Operating System
        Copy Public Key
Enable SSH Access on the Tenable Virtual Appliance
Establish an SSH Connection
    Connect to the Appliance from the Windows Operating System
    Connect to the Appliance from the Mac OS X Operating System
Disable SSH Access on the Tenable Virtual Appliance
Introduction

You may be asked by Tenable Support personnel to collect information from your Tenable Virtual Appliance. You need to collect this information via an SSH connection. By default, SSH access to the Tenable Virtual Appliance is disabled.

This document describes how to enable remote SSH access on the Tenable Virtual Appliance, and how to connect using PuTTY on a Windows system or a terminal on Mac OS X. The tasks below should take no more than 15 minutes. Minimal IT-related experience and Tenable product knowledge are required.

Tenable recommends that you only enable SSH access when requested during a Support engagement. Please disable SSH access when your engagement is complete.
Requirements

In order to complete the instructions below, you need:
- Network access to the Tenable Virtual Appliance web UI on port 8000.
- User credentials required to log into the Tenable Virtual Appliance web UI.
- puttygen.exe and putty.exe for Windows systems.
Terminology

Tenable Virtual Appliance: A proprietary operating system image provided by Tenable for use with enterprise server deployments.
SSH: Secure Shell (SSH) is a cryptographic network protocol used to communicate securely between two computers.
SSH Key File: A unique computer file used in place of a password.
Key Passphrase: A password that can be used along with your SSH Key File for additional security.
PuTTY (putty.exe): A computer application used to initiate SSH connectivity.
Puttygen (puttygen.exe): A computer application used to generate a password key file.
Generate the Key File

You must generate an SSH key file in order to connect to the Tenable Virtual Appliance using SSH.
- Generate a Key for Windows Operating System
- Generate a Key for Mac OS X Operating System
Generate a Key for Windows Operating System

1. Double click the puttygen.exe application.
2. Click the Generate button.
3. Move your mouse around in the blank, gray area to generate randomness for your secure key.
When complete, your Public Key information will be displayed.
4. (Optional) For additional security, in the Key passphrase field, type a passphrase.
5. Click the Save public key button.
6. In the File name field, type a name for the file. For example, appliance_key.txt.
7. Click the Save button.
7. Click the Save private key button.
Note: If you did not provide a key passphrase, a warning message appears.
8. Click the Yes button.
9. In the File Name field, type a file name for the PuTTY Private Key File (.ppk). For example, appliance_key.
10. Click the Save button.

You are finished generating your key. Proceed to the Enable SSH Access on the Tenable Virtual Appliance section to complete this setup.

Note: You need the public key data to paste into the Tenable Virtual Appliance SSH configuration field. Keep puttygen.exe open in order to copy the key data to complete the Enable SSH Access on the Tenable Virtual Appliance section.

Copy Public Key

While enabling SSH access on the Tenable Virtual Appliance, you must provide the textual output for your public key.
1. Right click in the public key field.
2. Click Select All.
3. Right click on the selected text.
4. Click Copy.

The key data is now copied and ready to paste in the Enable SSH Access on the Tenable Virtual Appliance section.
Generate a Key for Mac OS X Operating System

1. Click the Terminal icon to launch the terminal.
2. Type ssh-keygen -t rsa at the terminal command prompt.
3. Press the Enter key on the keyboard.
4. Type keyfile.
5. Press the Enter key on the keyboard.
6. (Optional) For additional security, type a passphrase.
Note: Typing a key passphrase is optional for additional security.
7. Press the Enter key on the keyboard.

The overall output should resemble:
Note: You need the public key data to paste into the Tenable Virtual Appliance SSH configuration field. Keep the terminal window open in order to copy the key data to complete the Enable SSH Access on the Tenable Virtual Appliance section.

Copy Public Key

While enabling SSH access on the Tenable Virtual Appliance, you need to provide the textual output for your public key.
1. Type cat keyfile.pub at the command prompt in the terminal.
2. Press the Enter key on the keyboard. The output resembles:
3. Highlight the text output.
4. Hold the Ctrl key on the keyboard down and click the selected text.
5. Click Copy.

The key data is now copied and is ready to paste in the Enable SSH Access on the Tenable Virtual Appliance section.
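
Before pasting, the copied text can be checked locally. The following is an added example, not part of Tenable's document: a shell function (check_pubkey and all sample values are constructed for illustration) that accepts only a single-line OpenSSH public key, the form that cat keyfile.pub prints, and rejects private key material, the multi-line file that PuTTYgen's Save public key button writes, and keys wrapped across lines during copying.

```sh
#!/bin/sh
# Added example (not from the Tenable document). check_pubkey and every
# sample value below are constructed for illustration.

# check_pubkey TEXT: print a verdict; return 0 only for one OpenSSH-format line.
check_pubkey() {
    text=$1
    case $text in
        *"PRIVATE KEY"*|PuTTY-User-Key-File*)   # private half: never paste this
            echo "private-key"; return 3 ;;
        *"BEGIN SSH2 PUBLIC KEY"*)              # PuTTYgen "Save public key" file
            echo "rfc4716-file"; return 2 ;;
    esac
    # A key wrapped by the clipboard or an editor arrives as several lines.
    lines=$(printf '%s\n' "$text" | awk 'NF { n++ } END { print n + 0 }')
    [ "$lines" -eq 1 ] || { echo "multi-line"; return 1; }
    # Fields: key type, base64 blob, optional comment.
    ktype=$(printf '%s\n' "$text" | awk '{ print $1 }')
    blob=$(printf '%s\n' "$text" | awk '{ print $2 }')
    [ -n "$blob" ] || { echo "missing-blob"; return 1; }
    # The decoded blob starts with a 4-byte length, then the key type name.
    # It must equal field 1, otherwise the text was altered while copying.
    inner=$(printf '%s' "$blob" | base64 --decode 2>/dev/null \
            | dd bs=1 skip=4 count="${#ktype}" 2>/dev/null | tr -d '\000')
    [ "$inner" = "$ktype" ] || { echo "type-mismatch"; return 1; }
    echo "ok"
}

# Constructed samples. The blob is only an ssh-rsa header and exponent,
# enough for the format check but not a usable key.
GOOD='ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB constructed-sample'
WRAPPED='ssh-rsa AAAAB3NzaC1yc2E
AAAADAQAB constructed-sample'
RFC4716='---- BEGIN SSH2 PUBLIC KEY ----
Comment: "constructed-sample"
AAAAB3NzaC1yc2EAAAADAQAB
---- END SSH2 PUBLIC KEY ----'
PPK='PuTTY-User-Key-File-2: ssh-rsa'

for sample in "$GOOD" "$WRAPPED" "$RFC4716" "$PPK"; do
    check_pubkey "$sample" || true
done
```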
Enable SSH Access on the Tenable Virtual Appliance

You need the web address and user credentials of your Tenable Virtual Appliance provided by your system administrator. If your system administrator does not provide you with the web address, you can access the Appliance console and retrieve this information.

1. Press the up arrow on the keyboard to highlight Appliance Information.
2. Press the Enter key on the keyboard. The Interface 0 IP Address and web URL are displayed.
3. Double click your web browser icon to open your browser.
4. Type the web URL retrieved in step 2 into your web browser's address bar.
Note: Be sure to include the colon ( : ) symbol followed by the port number 8000.
5. Press the Enter key on the keyboard.
6. Click the Log In button.
7. Type the username and password provided by your system administrator.
8. Click the Log In button.
Note: The user name is typically admin.
9. Click Applications > SecurityCenter in the top navigation bar.
10. Scroll to the bottom of the page to the SSH User Access section.
11. From the Enable SSH access for the tns user drop-down menu, select True.
12. Right click in the Authorized Public Keys text box.
13. Click Paste. Your previously copied public key pastes into the field.
The output should resemble:
14. Click the Update SSH Configuration button. A banner appears across the page to indicate success.

SSH access is now enabled on the Tenable Virtual Appliance. Next, we will establish a connection from your system to the Tenable Virtual Appliance using SSH.
Establish an SSH Connection

- Connecting to the Appliance from the Windows Operating System
- Connecting to the Appliance from the Mac OS X Operating System
Connect to the Appliance from the Windows Operating System

You need the IP Address of your Tenable Virtual Appliance retrieved in step 3 of the Enable SSH Access on the Tenable Virtual Appliance section.

1. Double click the putty.exe application.
2. In the Host Name field, type the IP Address of your Tenable Virtual Appliance.
3. In the Category side bar, navigate to Connection > SSH > Auth.
4. Click the Browse button.
5. Double click your private key file.
Note: The file extension should be .ppk.
6. Click the Open button.
7. If you receive a Security Alert message, click Yes.
8. In the login as: field, type tns.
9. Press the Enter key on the keyboard.
Note: If you created a passphrase when you generated the key, you will be asked to type it.

The output should resemble:

You are now logged on via SSH and may proceed with the commands provided by the Tenable support team.
Connect to the Appliance from the Mac OS X Operating System

You need the generated keyfile name defined in step 4 of the Generate a Key for Mac OS X Operating System section. You also need the IP Address of your Tenable Virtual Appliance retrieved in step 2 of the Enable SSH Access on the Tenable Virtual Appliance section.

1. Launch the terminal by clicking the Terminal icon.
2. Type the following command. Replace keyfile with the name of your generated keyfile, and replace 172.204.81.57 with the IP address of your Tenable Appliance.

    ssh -i keyfile tns@172.204.81.57

3. Press the Enter key on the keyboard. The output resembles:
You are now logged on via SSH and may proceed with the commands provided by the Tenable support team.
Disable SSH Access on the Tenable Virtual Appliance

When you have completed the steps requested by Tenable support, you can disable SSH access on your Tenable Virtual Appliance. You need the web URL of your Tenable Virtual Appliance retrieved in step 2 of the Enable SSH Access on the Tenable Virtual Appliance section.

1. Double click your web browser icon to open your browser.
2. Type the web URL into your web browser's address bar.
Note: Be sure to include the colon ( : ) symbol followed by the port number 8000.
3. Press the Enter key on the keyboard.
4. Click the Log In button.
5. Type the username and password provided by your system administrator.
6. Click the Log In button.
Note: The user name is typically admin.
7. Click Applications > SecurityCenter in the top navigation bar.
8. Scroll to the bottom of the page to SSH User Access.
9. From the Enable SSH access for the tns user drop-down menu, select False.
10. Click the Update SSH Configuration button. A banner appears across the page to indicate success.

SSH access is now disabled on the Tenable Virtual Appliance.