The Nodegrid OS is compatible with the Delinea Secret Server, providing seamless integration for secure credential management and session handling from within the Secret Server. This article briefly discusses the following operations performed from the Delinea server on the Nodegrid OS:
- Set up a password changer and a session launcher.
- Use the Delinea Web Password Filler.
A second article covers the following:
- Set up a remote password change for managed devices. Article: "Nodegrid OS and access through the PAM Delinea Secret Server (part 2)"
Set up a password changer and a session launcher
In this section, we will learn how to perform password rotation on Nodegrid OS.
No configurations are required on the Nodegrid OS side, nor is there a minimum version requirement. The only necessary step is to configure the Delinea Secret Server with the applicable commands to execute password changes once it successfully logs into the device.
A remote password changer can be added if password changes are to be executed directly through the command-line interface (CLI).
This tutorial also applies to private key usage, although that is not covered explicitly.
Adding a custom Password Changer to the Nodegrid OS
Follow these steps to assign a custom password changer to the Nodegrid OS:
1. On the Delinea server, access the path: Administration > Secrets > Configuration > General and click on Remote Password Changing.
2. Click Create Password Changer.
3. From the Base Password Changer drop-down list, select Unix Account Custom (SSH).
4. Enter the name as NodegridOS CLI and click Save.
5. On Password Change Commands, change the first command from passwd to change_password. In the end, you must have:
6. Click on Back.
Creating a Secret Template
Follow these steps to create a secret template.
1. Access the path: Administration > Actions > Secret Templates
Attention: This path is on the Secret Server panel. If you have followed the last steps, you’re already on it.
2. Click Create Template.
3. Check the Import XML box.
4. Paste the NodegridOS (CLI).xml (available at the end of this document) and click on Save.
5. Click Mapping.
6. Under Password Changing, click on Edit.
7. Check the Enable RPC box.
8. For Password Type, select NodegridOS CLI from the drop-down.
9. For Machine Name, select IP or Hostname.
10. For Password, select Password.
11. For User Name, select Username.
In the end, you must have:
12. Click on Save.
Adding a Session Launcher
If you want to add a Launcher, follow the next steps. Otherwise, go to the next section.
1. Click on Add Mapping.
2. On Mapping Type, select PuTTY.
3. For Host, select IP or Hostname.
4. For Password, select Password.
5. For Port, select SSH Port.
6. For Username, select Username.
7. Click on Save.
Assigning Secrets
Access the path Secrets > All Secrets to assign the secret.
Attention: This path is on the Secret Server panel. If you have followed the last steps, you’re already on it. If you’re on the Delinea panel, access the path: Vault > All Secrets.
Adding a new Secret
If the machine has not been added yet, follow these steps to add it. Otherwise, skip to the next section to see how to edit an existing machine.
1. Click on Create Secret.
2. Select the NodegridOS (CLI) template.
3. On Secret Name, add a name you want to represent the device.
4. On IP or Hostname, set the IP of your device.
5. On Username, set an admin user (default: admin).
6. On Password, set the current password for the machine.
7. On SSH Port, set the SSH port of your device (default: 22).
8. Click on Create Secret.
Editing an existing Secret
To edit an existing secret:
1. Click on the name of the secret you want to edit.
2. On Secret Template, click on the edit icon.
3. Remap Machine to IP or Hostname, Username to Username, and Password to Password.
4. Back on Basic Information, change the SSH Port to your device’s SSH port.
You are now ready to use a remote password changer and PuTTY Launcher from Delinea!
NodegridOS (CLI).xml (Secret Template) is in the attachment (part 1) -1.
Use the Delinea Web Password Filler
Creating a Secret Template with the Web Password Filler
First, you need to create a secret template with the required variables to log in on Nodegrid Web UI. To do this, follow the next steps:
1. Access the path: Administration > Actions > Secret Templates.
Attention: This path is on the Secret Server panel. If you’re on the Delinea panel, access the path: Administration > Secrets > Actions (Core Actions) > Secret Templates.
2. Click Create Template.
3. Check the Import XML box.
4. Paste the NodegridOS (WEB).xml (available at the end of this document) and click Save.
At this point, it is sufficient to add a Secret through the browser extension: as with Bitwarden or any other password management vault, Delinea’s browser extension can fill the password into the selected fields. If you want to add a Website Login launcher, stay on the NodegridOS (WEB) secret template page and continue with the steps in the next section.
Adding a Website Login launcher
With the Website Login launcher, you can open the website and allow the extension to automatically fill in the fields. Since the secret template is already configured, all the necessary variables are already mapped and ready to use.
1. Click on Add Mapping.
2. On Mapping Type, select Website Login.
3. For URL, select URL.
4. For Password, select Password.
5. For Username, select Username.
6. Click Save.
NodegridOS (WEB).xml (Secret Template) is in the attachment "part1-2".