ADM User’s Guide
38
VMware, Inc.
SSH
Secure Shell (SSH) is a standard protocol for secure remote access to UNIX-like operating systems. SSH servers are built into most Linux distributions, Mac OS-X, Sun Solaris, OpenBSD, and most other UNIX-like operating systems. SSH servers from various vendors are also available for Windows.
Remote access to a host that runs an SSH server starts by authenticating the client’s identity. After the client identity is authenticated, an encrypted communication channel opens. The client can then examine files and run commands on the server host. The privileges and permissions of the client are determined by the server according to its identity. For example, if the client uses a guest account with few privileges, most of the information is not available to this user.
SSH has two versions. Version 2 is normally in use, while version 1 is less recommended. Since SSH clients and servers automatically detect each other’s versions and coordinate their communications, no action is required.
Detail Discovery with SSH
ADM uses SSH to access hosts that run SSH servers, and to obtain information about the operating system, hardware, and software installed on the server host. Both SSH versions 1 and 2 are supported automatically with no user interaction.
Authentication is based on specifying a user name and password to use when accessing the managed hosts; these are stored by ADM internally in an encrypted form.
SSH Server Deployment Recommendations
Firewall Settings
SSH queries are normally performed on TCP port 22 on the server. If a firewall exists between the ADM appliance and the monitored network, this port needs to be open for connections initiated by the ADM appliance.
SSH Server Settings
Discovery with SSH of servers running the OpenSSH server (sshd) requires that the “PasswordAuthentication” field contain the value “yes” in the server settings file (often, /etc/ssh/sshd_config). In some operating systems, such as SuSE, the default is “no” and needs to be changed for the SSH discovery to complete.
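An added example, not from the ADM guide or VMware: a Python check that reads sshd_config text and reports whether PasswordAuthentication is enabled for every account or only inside a Match block. The account name admdisc, the address 192.0.2.10 and both sample files are constructed, and that ADM discovery works with a Match-scoped setting is an assumption to verify in your environment.

```python
import re

# Constructed sample: password logins are off globally and enabled only for a
# hypothetical discovery account (admdisc) from a placeholder appliance
# address (192.0.2.10, documentation range).
SCOPED_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
Match User admdisc Address 192.0.2.10
    PasswordAuthentication yes
"""
# Constructed sample: the setting enabled for every account and source.
GLOBAL_CONFIG = "PermitRootLogin yes\nPasswordAuthentication = yes\n"


def parse(text):
    """Split sshd_config text into global settings and Match blocks."""
    global_settings, blocks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Both "Keyword value" and "Keyword=value" are accepted by sshd.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "match":
            current = {}
            blocks.append((value, current))
        else:
            target = global_settings if current is None else current
            target.setdefault(key, value.lower())  # first value wins
    return global_settings, blocks


def audit(text):
    """Report how widely password login is enabled (Include is not followed)."""
    global_settings, blocks = parse(text)
    # OpenSSH defaults: PasswordAuthentication yes, PermitRootLogin
    # prohibit-password; a distribution's shipped file may differ.
    global_pw = global_settings.get("passwordauthentication", "yes")
    scopes = [c for c, s in blocks if s.get("passwordauthentication") == "yes"]
    if global_pw == "yes" or any(c.lower() == "all" for c in scopes):
        exposure = "global"
    else:
        exposure = "scoped" if scopes else "disabled"
    root = global_settings.get("permitrootlogin", "prohibit-password")
    return {"password_auth": exposure, "scopes": scopes,
            "root_password_login": exposure == "global" and root == "yes"}
```

A result of "global" together with root_password_login set to True marks a host where the discovery requirement has also opened password login for root.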
Credentials
Detail discovery with SSH is based on accessing the managed host with a predefined user name and password. For more information on necessary privileges, download the document discovery_coverage.xls from: http://downloads.vmware.com/Application Discovery Manager
If ADM is used to discover configuration of services such as application servers, databases, and web servers, this user might need more read privileges if the configuration files of these services are not accessible by ordinary users.
For example, in some sites, the Oracle database server is installed and run with a special “oracle” user belonging to a special “oracle” group. The configuration files for the server might only be readable by users in the “oracle” group. Having ADM use a user in this group would allow it to access these files and retrieve valuable and detailed configuration information that is otherwise unavailable. A similar scenario might also occur with other types of servers, depending on how they are installed.
However, often this is not an issue: for example, in the default installation of the Apache web server under Red Hat Linux, all configuration information is stored in a location that is readable by the general public (under the /etc branch of the file system). In such cases, no group memberships are required for ADM to be able to read this detailed configuration.
IMPORTANT It is not recommended to use the user “root” for security reasons.
Summary of Contents for VCENTER APPLICATION DISCOVERY MANAGER 6.1 - REPOSITORY