|Applies To||RSA Product Set: RSA NetWitness Logs & Network; Security Analytics|
RSA Product/Service Type: Security Analytics SFTP Agent, Log Collector, Core Appliance, Log Hybrid, All-in-One, Security Analytics UI
Platform: SFTP Agent running on Windows, Log Collector running on CentOS 6 Linux
|Issue||When attempting to configure the SFTP Agent on a Windows Server to send logs to the Security Analytics Log Collector for File Collection, following the instructions in the Security Analytics User Guide, an error similar to the example below is displayed.|
|Cause||As instructed in the Private Key Issues section in the SFTP Agent Installation Guide, part of the resolution may be generating a new key pair using the puttygen.exe application.|
Another possible cause is that the sshd service on the appliance running the Log Collector service points to a different authorized_keys location.
The sshd service on the Log Collector running Security Analytics 10.4.0.2 may have its keys in the /upload/.ssh/authorized_keys file.
Updating the Event Source SSH Key via the Security Analytics UI at version 10.4.0.2 adds the public key to the /home/upload/.ssh/authorized_keys file.
See the Security Analytics User Guide for more information.
|Workaround||To resolve the issue, perform one of the workarounds below.|
Copy the new keys that were added via the Security Analytics UI to the appropriate directory on the Log Collector appliance and set the permissions.
NOTE: This can be done automatically by running the /etc/netwitness/ng/logcollector/lctwin script on the Log Collector appliance.
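
A manual version of the copy-and-permission step, as an added example (it is not RSA's lctwin script or any product code): it reads which authorized_keys location sshd is configured to use, appends any keys the UI wrote that are missing there, and sets the permissions. The function names are hypothetical, the 700/600 modes are assumed because the article does not state them, and only the `%h` and `%u` tokens are expanded.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; paths in the usage
# comment are the ones named in the article.

# Print the global AuthorizedKeysFile value from an sshd_config file.
# sshd keeps the first value it reads for a keyword; stop at the first
# Match block. Only the first path on the line is returned.
effective_keys_setting() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "authorizedkeysfile" { v = $2; exit }
         END { print (v == "" ? ".ssh/authorized_keys" : v) }' "$1"
}

# Expand %h and %u; a relative path is relative to the user's home.
resolve_keys_path() {  # args: setting user home
    p=$(printf '%s' "$1" | sed -e "s|%h|$3|g" -e "s|%u|$2|g")
    case $p in
        /*) printf '%s\n' "$p" ;;
        *)  printf '%s\n' "$3/$p" ;;
    esac
}

# Append keys from src that dst lacks, then set the 700/600 modes that
# sshd StrictModes accepts (assumed values; the article gives none).
# Prints the number of keys added. Optional third arg: owner to chown to.
merge_keys() {  # args: src dst [owner]
    src=$1 dst=$2 added=0
    mkdir -p "$(dirname "$dst")"
    touch "$dst"
    # Make sure dst ends in a newline before appending.
    [ -s "$dst" ] && [ -n "$(tail -c1 "$dst")" ] && echo >> "$dst"
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        if ! grep -qxF -- "$line" "$dst"; then
            printf '%s\n' "$line" >> "$dst"
            added=$((added + 1))
        fi
    done < "$src"
    chmod 700 "$(dirname "$dst")"
    chmod 600 "$dst"
    if [ -n "${3:-}" ]; then chown "$3" "$(dirname "$dst")" "$dst"; fi
    echo "$added"
}

# Usage as root on the Log Collector:
#   home=$(getent passwd upload | cut -d: -f6)
#   dst=$(resolve_keys_path "$(effective_keys_setting /etc/ssh/sshd_config)" upload "$home")
#   merge_keys /home/upload/.ssh/authorized_keys "$dst" upload
```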