
Authentication

Being able to manage multiple DynamiteNSM instances remotely is critical for large-scale deployments.

The auth service allows users to control which hosts can remotely manage a local instance. The service provides the ability to install Authentication Packages created on one or more remote manager machines. Once installed, the remote machine can invoke dynamite commands on enabled instances.

$ sudo dynamite auth -h

usage: dynamite [-h] {install,uninstall} ...
Dynamite Authentication Manager @ 192.168.86.222

positional arguments:
  {install,uninstall}
    install            Install a remote manager authentication package.
    uninstall          Uninstall a remote manager authentication package.

Before you Begin

Disambiguation

The dynamite auth command should be invoked on the machine you wish to control from an external host. It is responsible for installing an authentication package generated by the separate dynamite-remote utility.

The dynamite-remote utility is a self-contained script that also ships with dynamite-nsm. The utility allows administrators to create authentication packages that, once installed on remote instances, allow remote management. The dynamite-remote script works on most *NIX operating systems with openssh-client installed.

Generate an Authentication Package

The dynamite-remote utility generates key pairs, then packages the public key along with some helpful metadata into an archive that can be installed on any instance with both openssh-server and dynamite-nsm installed.

dynamite-remote create --name agent-lab-lan --host agent.lab.local --description "Lab Environment Agent - Zeek and Suricata"

Copy agent.lab.local.tar.gz to your remote node using a tool such as scp.

Authentication Package Installation

sudo dynamite auth install --archive agent.lab.local.tar.gz
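
A pre-install check for the node side of the steps above, as an added example (not part of dynamite-nsm or dynamite-remote). Because an installed package lets the manager invoke dynamite commands on this node, it compares the archive's SHA-256 with a digest the manager operator supplies out of band and rejects member paths that are absolute or contain `..`. The function names and the out-of-band digest are assumptions; `sha256sum` and `tar` are assumed to be present on the node.

```shell
#!/bin/sh
# Added example: verify an authentication package archive before running
# "sudo dynamite auth install --archive ..." on the node.
# Assumption: the expected SHA-256 was recorded on the manager and sent
# to the node operator over a separate channel.

# has_unsafe_member: reads archive member names on stdin, one per line.
# Succeeds (exit 0) if any name is absolute or has a ".." path component.
has_unsafe_member() {
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

# check_auth_package ARCHIVE EXPECTED_SHA256
# Returns 0 only if the digest matches and every member path is safe.
# Returns 1 on a failed check, 2 if the archive is missing or unreadable.
check_auth_package() {
    archive=$1
    expected=$2

    [ -f "$archive" ] || { echo "missing archive: $archive" >&2; return 2; }

    actual=$(sha256sum "$archive" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $archive" >&2
        return 1
    fi

    # List members without extracting anything.
    members=$(tar -tzf "$archive" 2>/dev/null) || {
        echo "unreadable archive: $archive" >&2
        return 2
    }

    if printf '%s\n' "$members" | has_unsafe_member; then
        echo "unsafe member path in $archive" >&2
        return 1
    fi
    return 0
}

# Usage on the node (EXPECTED holds the digest received out of band):
#   check_auth_package agent.lab.local.tar.gz "$EXPECTED" &&
#       sudo dynamite auth install --archive agent.lab.local.tar.gz
```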

Remote Command Execution

On the manager, you should now be able to run commands like the one below.

dynamite-remote execute nsm-es "agent -h"

⚠️ Always enclose the command in quotes to prevent dynamite-remote from misinterpreting command-line flags.