IMPORTANT: Please read and understand the following section first!
Understanding Linux and Mac audit credentials
To connect to Linux and Mac computers via SSH, Network Inventory uses Plink, a command-line network connection tool that is part of the PuTTY product and is distributed under the free MIT license. Plink is included in the Network Inventory installation package; the executable file name is plink.exe. For more information on PuTTY and Plink, see the following website: https://www.chiark.greenend.org.uk/~sgtatham/putty/.
When specifying Linux and Mac audit credentials, you can use one of three methods:
- A combination of a user name and password. This method is easy to use and troubleshoot. However, it has a downside: although the password is stored in the database in an encrypted format, it is passed to the Plink utility unencrypted and so can be sniffed on the machine hosting the Inventory Server or over the network.
- A combination of a user name and private key. This method relies on a private key instead of a password and is more secure. Your private key is loaded to the database and is stored in an encrypted format. This method uses SSH public key authentication to access Linux and Mac computers without a password. It requires that the SSH public/private key pair is properly set up and the public key is uploaded to all Linux and Mac computers you want to audit. For more information on SSH public key authentication, see http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter8.html.
- Custom configuration of the command line. This method is intended for advanced use. It allows you to manually specify Plink command line parameters, either as values or as placeholders.
Protocol - this field is read-only. Connection to the Linux and Mac computers is always established through the Secure Shell protocol (SSH).
NOTE: Network Inventory establishes connection to Linux and Mac computers using the Secure Shell protocol (SSH) over a TCP port. Therefore, it is required that the SSH server is running on each client computer and listening on a dedicated TCP port.
Port - by default, Network Inventory accesses client Linux and Mac computers over the standard TCP port 22. If you want to specify a non-standard TCP port that the SSH server running on client computers listens on, enter its number.
Username - enter the account name.
Password - enter the account password.
Private Key - this field is read-only. It displays information about the private key file uploaded to the database.
Browse - click this button to choose your private key file.
Clear - clears the Private Key field.
Use custom command line parameters - select this check box if you want to manually specify Plink command line parameters.
Parameters - this field becomes available when you select the check box above. It contains parameters of the Plink command line. The default command line parameters may look like this:
-P "$PORT" -l "$USER_NAME" -pw "$PASSWORD" "$HOST"
In this example, "$PORT", "$USER_NAME", "$PASSWORD", and "$HOST" are placeholders for command line parameter values, corresponding to the dialog box fields. For more information on placeholders, see below.
The default parameters may include port (-P), user name (-l), password (-pw) or private key (-i). You can edit the command line as needed. For a complete list of Plink parameters, please refer to http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter7.html#plink.
You can configure a custom command line in two ways:
- You can specify parameter values directly in the command line (e.g. -P "22"). In this case, you are not required to fill out the dialog box fields. However, some parameters, such as private key and host, cannot be specified in this way.
- You can use placeholders instead of specific values (e.g. -P "$PORT"). The actual values for placeholders are taken from the corresponding dialog box fields, which you must fill out. Note that the values for the private key and host must always be passed as placeholders. The value for the $HOST placeholder is determined automatically for each audited computer, hence there is no corresponding dialog box field.
NOTE: Currently, Network Inventory does not support SSH authentication via the Pageant authentication agent. As a possible solution, you can specify your private key file directly in the audit credentials.
Insert Placeholder - inserts a placeholder into the Parameters field.
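The following Python script is an added example, not part of Network Inventory or its documentation. It checks a custom Parameters string against the rules described above: whether the password is handed to Plink on the command line, and whether the private key and host are passed as placeholders. The finding names and the "$PRIVATE_KEY" placeholder name are assumptions; this page does not give the spelling of the private key placeholder.

```python
import re
import shlex

VALUE_FLAGS = {"-P", "-l", "-pw", "-i"}   # Plink options that take a value
PLACEHOLDER = re.compile(r"\$[A-Z_]+")    # e.g. $PORT, $USER_NAME, $HOST


def lint_plink_parameters(template):
    """Return a sorted list of finding codes for one Parameters-field string."""
    args = shlex.split(template)          # strips the quotes, keeps $NAME as-is
    findings = set()
    options, positionals = {}, []
    i = 0
    while i < len(args):
        if args[i] in VALUE_FLAGS and i + 1 < len(args):
            options[args[i]] = args[i + 1]
            i += 2
        else:
            if not args[i].startswith("-"):
                positionals.append(args[i])
            i += 1

    if "-pw" in options:
        # The password reaches plink.exe as a plain argument (the risk named above).
        findings.add("PASSWORD_ON_COMMAND_LINE")
        if not PLACEHOLDER.fullmatch(options["-pw"]):
            findings.add("PASSWORD_LITERAL_IN_TEMPLATE")
    if "-i" in options and not PLACEHOLDER.fullmatch(options["-i"]):
        findings.add("PRIVATE_KEY_NOT_A_PLACEHOLDER")
    if "-pw" not in options and "-i" not in options:
        findings.add("NO_AUTHENTICATION_OPTION")
    if positionals[:1] != ["$HOST"]:
        findings.add("HOST_NOT_A_PLACEHOLDER")
    return sorted(findings)


# Constructed sample strings; "$PRIVATE_KEY" is a hypothetical placeholder name.
SAMPLES = {
    "page default": '-P "$PORT" -l "$USER_NAME" -pw "$PASSWORD" "$HOST"',
    "key based": '-P "$PORT" -l "$USER_NAME" -i "$PRIVATE_KEY" "$HOST"',
    "hard-coded": '-P "22" -l "audit" -pw "example-password" "192.0.2.10"',
}

if __name__ == "__main__":
    for name, template in SAMPLES.items():
        print(f"{name:12} {lint_plink_parameters(template) or 'ok'}")
```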