Linux SSH

The Linux Secure Shell (SSH) adapter uses remote command execution over the SSH protocol to gather information about the endpoint Linux machine, including:

  • Hostname
  • Network Interfaces - including MAC addresses, IP addresses and subnets
  • Operating system, kernel version and distribution
  • List of installed software
  • Users and admin users
  • Hard drives and file systems
  • CPUs and RAM
  • Hardware details, including serials
  • and more...

Most of the information fetched by the Linux SSH adapter is also displayed under the various General Data tables.
For more details, see the Device Profile screen.

NOTE
The Linux SSH adapter is a 'read only' adapter. The adapter only gathers information about the endpoint Linux machine and does not change it.

It is safe to use the adapter to fetch information from production environments.

The Linux adapter uses the following Linux commands:

  • cat
  • df
  • dmidecode
  • dpkg
  • echo
  • ip
  • lsb_release
  • md5sum - Used if you provide an MD5 file list in the Linux SSH adapter advanced settings.
  • rpm
  • sudo - Used if the Sudoer option is selected. For details, see below.
  • uname


The Linux SSH adapter reads the following files from the endpoint:

  • /etc/redhat-release
  • /proc/meminfo
  • /etc/passwd
  • Each file from the MD5 file list provided in the Linux SSH adapter advanced settings. The list must contain file paths separated by commas (',').


The Linux SSH adapter connection requires the following parameters:

  1. Host Name - DNS address or IP of the Linux machine.
  2. User Name - The SSH user name to connect with.
  3. Password - A password for the SSH user, if one exists. If specified, the password is used for authentication.
    In addition:
    • If you choose the Sudoer option and a user password is required to execute privileged commands, the specified password is used to execute the sudo command.
    • If you choose the Sudoer option and no user password is required to execute privileged commands, leave blank.
  4. Private Key - A private key for the SSH user. If specified, the private key is used for authentication.
    For authentication, you must specify at least a password or a private key, but you can also specify both.
  5. Private Key Passphrase (optional) - Specify a private key passphrase if the private key is protected by a passphrase.
  6. SSH Port (optional) - The SSH port. If not specified, port 22 is used by default.
  7. Sudoer - Select this if the user is listed as a sudoer and can execute privileged commands (by using the sudo command).
    Hardware information such as serials, CPUs and BIOS versions is fetched only when the specified user can run the dmidecode command.
    If the Sudoer option is not selected, the Linux SSH adapter will usually fail to run that command (unless the specified user is the superuser). Therefore, the hardware information will not be fetched.
    If the Sudoer option is selected, the Linux SSH adapter will try to run the sudo dmidecode command. The user password will be used, if required.
  8. Sudo Path - Specify an absolute path (/path/to/sudo) of a binary to use for sudo'ing to the root user.
    • If provided, the command line is prefixed with the supplied value when it is executed.
    • If not provided, the command line is prefixed with "sudo" when it is executed.
  9. Choose Instance - If you are using multi-nodes, choose the Axonius node that is integrated with the adapter. By default, the 'Master' Axonius node (instance) is used. For details, see Connecting Additional Axonius Nodes.
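
A preflight check to run on the endpoint as the SSH account before configuring the adapter, confirming that the commands and files listed above are reachable and whether dmidecode would need the Sudoer option. This is an added example, not Axonius code: the function names are hypothetical, and the `-t system` probe is an assumed read-only dmidecode invocation, not the adapter's actual command line.

```shell
#!/bin/sh
# Added example (not Axonius code). Run on the endpoint as the SSH account.
# Command and file lists are copied from this page; function names are hypothetical.
ADAPTER_CMDS="cat df dmidecode dpkg echo ip lsb_release md5sum rpm sudo uname"
ADAPTER_FILES="/etc/redhat-release /proc/meminfo /etc/passwd"

# Print each named command that is not on this account's PATH.
# dpkg or rpm is normally absent depending on the distribution family.
missing_commands() {
    for c in "$@"; do
        command -v "$c" >/dev/null 2>&1 || printf '%s\n' "$c"
    done
}

# Print each named file this account cannot read.
unreadable_files() {
    for f in "$@"; do
        [ -r "$f" ] || printf '%s\n' "$f"
    done
}

# Classify how dmidecode could run for this account:
#   direct         - already root, the Sudoer option is not needed
#   sudo-nopasswd  - sudo runs dmidecode without prompting for a password
#   sudo-password  - sudo is present but wants a password or denies the command
#   unavailable    - the sudo binary (or the given Sudo Path) was not found
dmidecode_mode() {
    sudo_bin=${1:-sudo}
    if [ "$(id -u)" -eq 0 ]; then echo direct; return 0; fi
    if ! command -v "$sudo_bin" >/dev/null 2>&1; then echo unavailable; return 0; fi
    # -n makes sudo fail instead of prompting; "-t system" is an assumed, read-only probe.
    if "$sudo_bin" -n dmidecode -t system >/dev/null 2>&1; then
        echo sudo-nopasswd
    else
        echo sudo-password
    fi
}

# Summarize all three checks; the optional argument is a Sudo Path value.
preflight_report() {
    echo "missing commands: $(missing_commands $ADAPTER_CMDS | tr '\n' ' ')"
    echo "unreadable files: $(unreadable_files $ADAPTER_FILES | tr '\n' ' ')"
    echo "dmidecode mode:   $(dmidecode_mode "${1:-}")"
}

preflight_report "${1:-}"
```

On a Debian-family host, rpm and /etc/redhat-release appearing in the report is expected. A `sudo-password` result means the Password parameter must be set for the Sudoer option to work, or that the account is not permitted to run dmidecode through sudo.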


NOTE
The adapter configuration and logic are also used in the Run Linux SSH Scan enforcement action.