Previous Topic: How the AM Remote Agent Is Displayed in the Computer Properties DialogNext Topic: Non Resident Inventory

Customizing Asset ManagementConfiguring Plink on a Windows Remote Agent Host

Configuring Plink on a Windows Remote Agent Host

The Client Automation AM remote agent installs and uses Plink (PuTTY Link) as an SSH client to communicate with most types of remote hosts. However, the first time that Plink connects as a given user to a new target it displays the host key and, as a security measure, interactively asks if the host is legitimate. Obviously, the AM remote agent does not support such interactivity with a user, so you must first reassure Plink before gathering inventory.

Since Plink saves the remote host’s key in the registry, you can generate such a registry entry for a convenient login user and then save the same key under the LocalSystem account that the asset management agent runs as.

To generate a registry entry and save the host key under the LocalSystem account

  1. If it has not been done already, generate a public and private SSH key pair using PuTTYgen, for example, and install the public key on the remote target.
  2. As a normal login user, run Plink in a command window to the remote host(s) for which inventory is to be gathered, using something like the following: 
    "C:\Program Files\CA\DSM\Agent\units\00000001\uam\plink" -ssh -i "private_key_file" root@target ls

    The variable private_key_file is the absolute path of the file, and target is the remote host name. Adjust the Plink path if Client Automation is installed at some other location.

  3. If PuTTY says that the server’s host key is not cached in the registry and asks if you want to add the key, respond affirmatively. The command (ls in this example) should now run successfully. If not, check the SSH key files and repeat if necessary.
  4. Search for the cached key in the registry using regedit or some other registry editor. Look under HKEY_CURRENT_USER\Software\SimonTatham\putty\SshHostKeys. Export this key to a temporary file.
  5. Edit the export file by replacing all occurrences of HKEY_CURRENT_USER by the LocalSystem SID, HKEY_USERS\S-1-5-18. Save the edited file.
  6. In regedit, import the edited file.
  7. Check that the HKEY_USERS\S-1-5-18\Software\SimonTatham\putty\SshHostKeys key contains an entry for the remote host.

Plink must be configured for each remote host for which the AM remote agent gathers inventory; so connect to all remote hosts in order to generate host keys, and then run the above export-import procedure once.

If you suspect that Plink may not be configured correctly for the LocalSystem account, run the asset management agent (“caf start amagent”), wait for all AM processes to finish, and then examine the trace file, TRC_UAM_amvminvux_*.log. Search for “The server's host key is not cached in the registry.” If you find such an error, Plink is not correctly configured. Also, if you see the "Access denied" error in the trace file, this usually means a problem with the credentials used to access the remote host, for example, an incorrect password or SSH key.

Note: For detailed information about Plink, refer to the PuTTY/Plink manual on the following website: http://www.chiark.greenend.org.uk/~sgtatham/putty/docs.html