Using SSH keys with Palo Alto networks firewalls

Question:

We use SSH keys with Palo Alto networks firewalls. Anything special we need to do when adding these devices to Indeni?


Answer:

Indeni uses both CLI over SSH and the Palo Alto Networks API to retrieve data from PANW devices. Normally, Indeni would use the SSH username and password you provide to auto-generate an API key and access the API. Since you are using an SSH key, you would need to provide two credentials.


In the 6.0 user interface, go to the Devices tab, then click on Credential Sets. Choose the credential set you will be using with the Palo Alto Networks firewall devices (or create a new one), and add an SSH Private Key credential. Then, add another credential (in the same set), of type “Username + Password”. In the checkboxes, keep only HTTPS checked (clear the SSH one). This way, Indeni will know to use the username and password provided to generate the API key.