Credential Commands
Credential commands are used for setting host credentials stored in the Key Manager system.
set-credentials
Syntax:
ssh-mgr-client set-credentials -d <data> [options] [-vvv] [-U <url>]
Set deployment, login, or privilege-elevation credentials for agentless hosts.
-
Deployment credentials: When you deploy hosts using existing deployment credentials, Key Manager uses these to perform the initial connections to the hosts.
-
Login credentials: If set, Key Manager uses these credentials for establishing management connections to hosts after they have been deployed. Otherwise, Key Manager generates and uses an unique SSH key for establishing management connections.
-
Privilege-elevation credentials: Credentials for gaining elevated privileges on hosts.
Required data:
username
For deploy and login credentials, set this to the name of the management user.
For elevate credentials, set this to the user name that you are elevating to (typically root).
usage
The type of credentials being set. Can be deploy, login, or elevate.
Optional data:
password
The password used for deployment, login, or privilege-elevation. Only required for deployment credentials with password authentication, login credentials with password, and privilege elevation with password.
If you are using public-key authentication (with privatekeyfile), specify passphrase instead.
privatekeyfile
The path of the private-key file. Only required for deployment credentials with public-key authentication, and login credentials with public-key authentication.
passphrase
The passphrase of the private key.
Only required if privatekeyfile is used.
hostgroup
The name of the host group for which the credentials are set. Leave blank to set credentials globally.
For better control over the usage of credentials, we recommend setting host-group specific credentials.
label
Free-text label for identifying the credentials. If unspecified, the label is generated automatically. Creating a credential with an existing label overrides the old credentials.
When configuring privilege elevation, you will typically need to specify the elevation command and the elevation conversation as well. These can be set using the commands set-host-group-setting, and set-global-setting (described in sections set-host-group-setting and set-global-setting respectively).
For example, setting public-key deployment credentials for a host group:
$ ssh-mgr-client set-credentials -d usage=deploy,username=alice,\
privatekeyfile=/path/of/privatekeyfile,\
passphrase=example_passphrase,hostgroup=dev_hosts
Example for setting password-based login credentials for a host group:
$ ssh-mgr-client set-credentials -d usage=deploy,username=alice,\
password=example_password,hostgroup=dev_hosts
And for setting private-key-based login credentials for a host group:
$ ssh-mgr-client set-credentials -d usage=deploy,username=alice,\
privatekeyfile=/path/of/privatekeyfile,\
passphrase=example_passphrase,hostgroup=dev_hosts
Deployment and login credentials apply only to subsequently deployed hosts.
For example, setting privilege-elevation credentials for a host group:
$ ssh-mgr-client set-credentials -d usage=elevate,username=root,\
password=example_password,hostgroup='Linux Hosts',\
label=elevation_credentials
As previously mentioned, you will typically need to specify the elevation command and the elevation conversation to finalize privilege-elevation setup. This can be done with commands similar to the following:
$ ssh-mgr-client set-host-group-setting -d \
category=secure,name=elevate_command,value="/opt/quest/bin/pmrun /bin/sh" \
-I 'hostgroup="Linux Hosts"'
$ ssh-mgr-client set-host-group-setting -d \
category=secure,name=elevate_conversation,\
value="[['password:','{passphrase}'],['Request granted',null]]" \
-I 'hostgroup="Linux Hosts"'
The value for the elevate_conversation must be provided in JSON format.
You can also set the privilege-elevation settings via the Key Manager GUI. For an example about setting up privilege-elevation settings via the GUI, see Example – Adding an Agentless Host that Uses Privilege Elevation.