Setting up ssh keys for remote CIS-CAT assessment


Product Name

CIS-CAT Pro Assessor v4

Product Version

All

Date

Mar 18, 2021



 

Problem

What are the steps needed to set up ssh keys for CIS-CAT remote assessment?

Solution

CIS-CAT Ubuntu server (as user cis):

  1.  Generate an RSA key in PEM format (no passphrase): ssh-keygen -t rsa -m PEM

  2.  Copy the key to the target system: ssh-copy-id cis@3.133.121.21

  3.  Configure sessions.properties:

session.2.type=ssh

session.2.host=3.133.121.21

session.2.user=cis

session.2.identity=/home/cis/.ssh/id_rsa

session.2.port=22

session.2.tmp=/var/tmp 

Target Ubuntu server (3.133.121.21):

  1.  Add user cis as a member of the wheel group: sudo usermod -aG wheel cis

  2.  Edit /etc/sudoers and uncomment this line so user cis will NOT be prompted for a password when using sudo:

%wheel        ALL=(ALL)       NOPASSWD: ALL

Test connection from CIS-CAT server to target:

$ sudo ./Assessor-CLI.sh -test

------snip-------

Attempting to load the default sessions.properties, bundled with the application.

Obtaining session connection --> cis@3.133.121.21:22

Connection established.  Test Successful; Disconnecting.

Exit Code 0

 

Note that this information is provided only for testing and validating key based ssh assessments. Please read the CIS-CAT documentation for more options.
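
A local pre-flight check for steps 1 and 3 on the CIS-CAT server, as an added example that is not part of the CIS-CAT documentation or the Assessor. It assumes the sessions.properties layout shown above; the function names prop and check_session are hypothetical. Because the key has no passphrase, the file permission check is the only thing protecting it on disk.

```bash
#!/usr/bin/env bash
# Added example: checks one SSH session entry in sessions.properties.
# Reads local files only; it never connects to the target.

# prop FILE KEY -> value of "KEY=value" (last one wins), trailing blanks trimmed
prop() {
  sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/[[:space:]]*$//'
}

# check_session FILE N -> prints findings, returns the number of problems
check_session() {
  local file="$1" n="$2" problems=0 key stype first
  stype=$(prop "$file" "session.$n.type")
  key=$(prop "$file" "session.$n.identity")
  if [ "$stype" != "ssh" ]; then
    echo "session.$n.type is '$stype', expected ssh"; problems=$((problems+1))
  fi
  if [ ! -f "$key" ]; then
    echo "identity file '$key' not found"; return $((problems+1))
  fi
  first=$(head -n 1 "$key")
  case $first in
    "-----BEGIN RSA PRIVATE KEY-----") ;;  # written by ssh-keygen -t rsa -m PEM
    "-----BEGIN OPENSSH PRIVATE KEY-----")
      echo "key is in OpenSSH format, not PEM (regenerate with -m PEM)"
      problems=$((problems+1)) ;;
    *) echo "unrecognised key header: $first"; problems=$((problems+1)) ;;
  esac
  # A passphrase-protected PEM key carries this header on its second line.
  if sed -n 2p "$key" | grep -q '^Proc-Type: 4,ENCRYPTED'; then
    echo "key is passphrase-protected; the procedure uses no passphrase"
    problems=$((problems+1))
  fi
  # Characters 5-10 of the permission string are the group and other bits.
  if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
    echo "key is accessible to group or others; run: chmod 600 '$key'"
    problems=$((problems+1))
  fi
  return "$problems"
}
```

Source the file and run check_session sessions.properties 2 before running ./Assessor-CLI.sh -test; a return value of 0 means no problems were found.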


Copyright © 2020

Center for Internet Security®