ADM User's Guide
6  Listener (passive)
7  IP Discovery (passive)
SSH
Secure Shell (SSH) is a standard protocol for secure remote access to UNIX‐like operating systems. SSH servers
are built into most Linux distributions, Mac OS‐X, Sun Solaris, OpenBSD, and most other UNIX‐like operating
systems. SSH servers from various vendors are also available for Windows.
Remote access to a host that runs an SSH server starts by authenticating the client's identity. After the client
identity is authenticated, an encrypted communication channel opens. The client can then examine files and
run commands on the server host. The server determines the client's privileges and permissions
according to the client's identity. For example, if the client uses a guest account with few privileges, most of the
information is not available to this user.
SSH has two versions. Version 2 is normally in use, while version 1 is less recommended. Because SSH clients and
servers automatically detect each other's versions and coordinate their communications, no action is required.
Detail Discovery with SSH
ADM uses SSH to access hosts that run SSH servers, and to obtain information about the operating system,
hardware, and software installed on the server host.
Both SSH versions 1 and 2 are supported automatically with no user interaction. Authentication is based on
specifying a user name and password to use when accessing the managed hosts; these are stored by ADM
internally in an encrypted form.
SSH Server Deployment Recommendations
Firewall Settings
SSH queries are normally performed on TCP port 22 on the server. If a firewall exists between the ADM
appliance and the monitored network, this port needs to be open for connections initiated by the ADM
appliance.
SSH Server Settings
Discovery with SSH of servers running the OpenSSH server (sshd) requires that the "PasswordAuthentication"
field contain the value "yes" in the server settings file (often, /etc/ssh/sshd_config). In some operating
systems, such as SuSE, the default is "no" and needs to be changed for the SSH discovery to complete.
Credentials
Detail discovery with SSH is based on accessing the managed host with a predefined user name and password.
For more information on necessary privileges, download the document discovery_coverage.xls from:
http://downloads.vmware.com/Application Discovery Manager
IMPORTANT   It is not recommended to use the user "root" for security reasons.
If ADM is used to discover configuration of services such as application servers, databases, and web servers,
this user might need more read privileges if the configuration files of these services are not accessible by
ordinary users.
For example, in some sites, the Oracle database server is installed and run with a special "oracle" user
belonging to a special "oracle" group. The configuration files for the server might only be readable by users in
the "oracle" group. Having ADM use a user in this group would allow it to access these files and retrieve
valuable and detailed configuration information that is otherwise unavailable.
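The following pre-flight check is an added example, not part of the ADM guide or of VMware's tooling. It reads an sshd_config file, reports whether password logins are enabled as SSH Server Settings requires, and flags "PermitRootLogin yes" in line with the advice against discovering as "root". It assumes OpenSSH's sshd_config syntax; the function names and the sample file are constructed for this example.

```sh
#!/bin/sh
# Added example, not part of the ADM guide. Function names are hypothetical.

# effective_global FILE KEYWORD
# Print the value set for KEYWORD in the global section of an sshd_config.
# Keywords are case-insensitive and the first occurrence wins. Parsing stops
# at the first Match line, because settings below it apply only to the
# connections that the Match criteria select.
effective_global() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        { gsub(/=/, " ") }                   # accept "Keyword=value"
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# check_sshd_for_discovery FILE
# Returns 0 if password logins are explicitly enabled, 1 if they are
# explicitly disabled (password-based discovery cannot log in), and 2 if the
# keyword is not set, so the operating system's default decides.
check_sshd_for_discovery() {
    pw=$(effective_global "$1" PasswordAuthentication)
    root=$(effective_global "$1" PermitRootLogin)
    if [ "$root" = "yes" ]; then
        echo "WARN: PermitRootLogin yes; use a non-root discovery account"
    fi
    case "$pw" in
        yes) echo "OK: PasswordAuthentication yes"; return 0 ;;
        "")  echo "CHECK: PasswordAuthentication not set; OS default applies"; return 2 ;;
        *)   echo "FAIL: PasswordAuthentication $pw"; return 1 ;;
    esac
}

# Constructed sample config (not from a real host). The first occurrence
# wins, so the later "yes" does not enable password logins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
passwordauthentication no
PermitRootLogin yes
PasswordAuthentication yes
EOF
check_sshd_for_discovery "$sample" || echo "exit status $?"
rm -f "$sample"
```

On a live host, run the function against the settings file named above (often /etc/ssh/sshd_config) before scheduling discovery.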
VMware, Inc.