ServiceNow discovery is capable of using SNC SSH which has support for newer cipher algorithms, and is more reliable than J2SSH. SNCSSH supports:
- Key Exchange Algorithms: diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha256, diffie-hellman-group1-sha1
- Signature Algorithms: ssh-dss, ssh-rsa
- Client-to-Server Cipher Algorithms: aes128-ctr, aes192-ctr, aes256-ctr, 3des-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc, none
- Client-to-Server MAC Algorithms: hmac-sha1, hmac-sha1-96, hmac-sha2-256, hmac-sha2-512, hmac-md5, hmac-md5-96
- Client-to-Server Compression Algorithms: none
The mid.property.ssh.use_snc will determine if snc ssh will be used for probe-based discovery.
The mid.sa.ssh.use_sncssh will determine if snc ssh will be used for patterns-based discovery.
Customers who have upgraded from older versions where J2SSH was the default library will not be forced to use SNC SSH and will need to manually enable SNC SSH if they wish to use it.
We recommend that you take the following actions to enable SNC SSH for discovery:
- Log into your instance as an admin
- Go to Mid Servers > Properties (/ecc_agent_property_list.do)
- Create/Configure the following properties:
-mid.property.ssh.use_snc = true
-mid.sa.ssh.use_sncssh = true
Version from Kingston onwards