I would like to test a CentOS system with OpenSCAP run from my Windows PC. The problem is that I can ssh to the CentOS system with a key file only, as per company policy. I did not find whether SCAP Workbench supports this. Can it be done, or do I need an ssh password?
2 Answers
At least on scap-workbench 1.2.1, you can run the scan with Dry run toggled, and this will give you the command line to be executed for the scan. With this command line you can override ssh options using the variable as seen in the oscap-ssh help:
To supply additional options to ssh/scp, define the SSH_ADDITIONAL_OPTIONS variable
For instance, to ignore known hosts records, define SSH_ADDITIONAL_OPTIONS='-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'
And from the ssh options you can use the option -i identity_file to provide the file path of the private key you want to use for authentication.
In the end you will have something like:
$ export SSH_ADDITIONAL_OPTIONS='-i /path/to/private/key'
$ oscap-ssh root@192.168.11.12 22 xccdf eval --datastream-id scap_org.open-scap_datastream_from_xccdf_ssg-fedora-xccdf-1.2.xml --xccdf-id scap_org.open-scap_cref_ssg-fedora-xccdf-1.2.xml --profile xccdf_org.ssgproject.content_profile_ospp --oval-results --results /tmp/xccdf-results.xml --results-arf /tmp/arf.xml --report /tmp/report.html /tmp/scap-workbench-XDOICh/ssg-fedora-ds.xml

- 21
- 2
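One way to build the SSH_ADDITIONAL_OPTIONS value from the answer above while leaving host key verification on, as an added example that is not part of the original answer or of OpenSCAP. The function name build_oscap_ssh_opts and the optional known_hosts argument are hypothetical; the ssh options used are standard OpenSSH options accepted by both ssh and scp.

```bash
#!/usr/bin/env bash
# Added example: assemble SSH_ADDITIONAL_OPTIONS for a key-only oscap-ssh scan.
# build_oscap_ssh_opts is a hypothetical helper, not part of OpenSCAP.

build_oscap_ssh_opts() {
    local key=$1 known_hosts=${2:-} perms opts

    if [ ! -f "$key" ] || [ ! -r "$key" ]; then
        echo "private key not readable: $key" >&2
        return 1
    fi

    # SSH_ADDITIONAL_OPTIONS is one flat string of options, so a path that
    # contains whitespace cannot be expressed in it reliably: reject it.
    case "$key$known_hosts" in
        *[[:space:]]*) echo "paths must not contain whitespace" >&2; return 1 ;;
    esac

    # ssh ignores private keys that group/other can access; fail early instead.
    perms=$(ls -ldL "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "key is accessible by group/other, run: chmod 600 $key" >&2
        return 1
    fi

    # IdentitiesOnly: offer only this key. BatchMode: never fall back to a
    # password or passphrase prompt (a passphrase-protected key must already
    # be loaded into ssh-agent). StrictHostKeyChecking stays enabled.
    opts="-i $key -o IdentitiesOnly=yes -o BatchMode=yes -o StrictHostKeyChecking=yes"
    if [ -n "$known_hosts" ]; then
        opts="$opts -o UserKnownHostsFile=$known_hosts"
    fi
    printf '%s\n' "$opts"
}

# Usage, with the same oscap-ssh arguments as in the answer above:
#   SSH_ADDITIONAL_OPTIONS=$(build_oscap_ssh_opts /path/to/private/key) || exit 1
#   export SSH_ADDITIONAL_OPTIONS
#   oscap-ssh root@192.168.11.12 22 xccdf eval <options> <datastream file>
```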
It may be very late, but I also ran into the same problem, so I just added my key to ssh-agent so that I don't need to specify the key to the ssh command. On my Mac I just checked the agent using the ssh-agent command, which showed me that it's running, and then I used ssh-add <path-to-key-file> to add the key (once added, you can run ssh-add -l to list the added keys).
And next time when you run your workbench it will automatically try the added key to ssh to the remote instance.

- 1
- 1