UpGuard Diary - Post 1: Connect and scan a Linux server using SSH

Posted by Alistair Pialek

Having just started working for UpGuard as a software engineer my journey understanding UpGuard and its place in the IT automation ecosystem is just beginning. This places me in a unique position to provide a series of blog posts that will start from the ground up in getting started with UpGuard. Today we'll work through the steps required to connect and scan a Ubuntu linux server using SSH.

Step 1: Create an Account

Self explanatory, right?

Create Free Account

Step 2: Add a Node

Once you have created your UpGuard account and logged in, we will need to add a node to scan by clicking the Add Node button.

addnode-1

Select the *nix option as the operating system type that we will be adding will be a Ubuntu linux box.

os

Next, select the SSH option. 

node_add_install_choice

Next, enter the connection details of your node. Enter a display name and your node's hostname or ip address into the hostname/ip field. Remember that this is the internet facing hostname or IP address of the node. The username of the user you wish UpGuard to scan nodes under should be provided in the username field. A best practice here is to create a 'UpGuard' user. By default, SSH connects on port 22, but if your node is accepting SSH connections on a different port, then enter this port number in the port field. (Leave blank to default to port 22).

ssh_form

Step 3: Add the UpGuard public key to authorized keys

For our servers to communicate with yours, you need to add our public key to your authorized keys file. You can do this with a simple one line command shown in step 2. Simply copy the command found in the box under step 2 (screenshot above) and paste it into the console of your server under the user account you wish UpGuard to connect as. For example, to allow UpGuard to connect to my node under the user UpGuard, I would log into that machine as the UpGuard user and paste the command. This appends our public key to that user's SSH authorized keys file.

You should now be ready to scan your machine. Return back to the register and scan node window on the website and click Continue and you should now see your machine register with UpGuard. The node scan can take anywhere from 5 seconds to 3 minutes depending on the complexity of your node and the operating system type. Once complete, you can click the View and Compare Scan button to view the finished scan.

scan

If adding a node via SSH is proving difficult, or your security policies do not allow an inbound connection of this type, then we recommend you install the Agent on your node instead. In contrast to SSH mode, which uses inbound connections, the Agent exclusively uses outbound network connections over the common HTTPS port (443). Connecting via the Agent is the topic of the second post in this series.

Our support page covers troubleshooting adding a node via SSH if you require additional support documentation. Full instructions on installing the Agent, including how to use them when a proxy server is in place, can be found here. Please contact us via the Support tab in the web portal if you are experiencing any problems. 

UpGuard Customers