tenable / pyTenable

Python Library for interfacing into Tenable's platform APIs
https://pytenable.readthedocs.io
MIT License
354 stars, 173 forks

Cannot Create SSH Credential #126

Closed crypticraven closed 5 years ago

crypticraven commented 5 years ago

I'm sending an SSH credential to Tenable.sc and receiving the following error from the API response:

```
None:403 {"type":"regular","response":"","error_code":146,"error_msg":"The 'privilegeEscalation' field is invalid for Credential type 'ssh'\n","warnings":[],"timestamp":1559950009}
```

I'm not setting the privilege escalation property; reading the information it should be setting it to "none" anyways.

The method I have built:

```python
sc.credentials.create(
    credName, credType, auth_type,
    username=credUserName,
    description=description,
    tags=tag,
    thycotic_username=thyUser,
    thycotic_password=thyPass,
    thycotic_secret_name=thySecretName,
    thycotic_url=thyURL,
)
```

In this method `credType = 'ssh'` and `auth_type = 'thycotic'`.

I receive this error in my production and test environments.

SteveMcGrath commented 5 years ago

Can you provide the debug output? Add the following lines:

```python
import logging
logging.basicConfig(level=logging.DEBUG)
```

crypticraven commented 5 years ago

```
DEBUG:tenable.sc.TenableSC:path=credential, query={}, body={'username': 'ssh-UserName', 'description': 'Unix - Test-SSH service account', 'tags': 'Secret Server', 'thycotic_username': 'Thy_auth_name', 'thycotic_password': 'REDACTED', 'thycotic_secret_name': 'Tenable Credentials Test SSH', 'thycotic_url': 'https://secretserver/SecretServer/', 'name': '[Test-SSH-credential] - Unix - No Privledge Escalation', 'type': 'ssh', 'thycotic_ssl_verify': 'no', 'thycotic_private_key': 'no', 'authType': 'thycotic', 'privilegeEscalation': 'none'}
DEBUG:urllib3.connectionpool:https://tenableserver "POST /rest/credential HTTP/1.1" 403 172
ERROR:tenable.errors.APIError:POST https://tenableserver/rest/credential >> None:403 {"type":"regular","response":"","error_code":146,"error_msg":"The 'privilegeEscalation' field is invalid for Credential type 'ssh'\n","warnings":[],"timestamp":1560181399}
```

SteveMcGrath commented 5 years ago

Interesting. It matches the docs. I'll have to investigate.
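
Added example, not part of the thread and not pyTenable code: the DEBUG line requested above prints the whole request body, credential fields included, so a logging filter can mask those values before the output is pasted into an issue. The names `redact`, `RedactSecrets` and `demo`, the list of secret-looking key words, and the sample body are assumptions constructed for illustration; only the logger name and message shape come from the log shown in the thread.

```python
import io
import logging
import re

# Assumption: any key whose name contains one of these words holds a secret.
# Over-matching (e.g. 'thycotic_secret_name') is the safe direction here.
PAIR = re.compile(
    r"""(?P<k>(?P<q>['"])[\w-]*(?:password|passphrase|secret|token|private_key)"""
    r"""[\w-]*(?P=q)\s*:\s*)(?P<vq>['"])(?:\\.|(?!(?P=vq)).)*(?P=vq)""",
    re.IGNORECASE,
)

def redact(text):
    """Mask quoted string values of secret-looking keys in a dict/JSON repr."""
    return PAIR.sub(lambda m: f"{m['k']}{m['vq']}REDACTED{m['vq']}", text)

class RedactSecrets(logging.Filter):
    def filter(self, record):
        # Render %-style args first, then mask, so secrets passed as args
        # (the usual case for a request body) are covered too.
        record.msg = redact(record.getMessage())
        record.args = None
        return True

def demo():
    """Emit a constructed record shaped like the DEBUG line in the thread."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s:%(name)s:%(message)s"))
    # Attach to the handler, not a logger: logger-level filters are not
    # applied to records that propagate up from child loggers.
    handler.addFilter(RedactSecrets())
    log = logging.getLogger("tenable.sc.TenableSC")  # name taken from the log above
    old_level, old_propagate = log.level, log.propagate
    log.setLevel(logging.DEBUG)
    log.propagate = False
    log.addHandler(handler)
    body = {"username": "ssh-UserName", "type": "ssh",  # constructed sample
            "thycotic_password": "hunter2'\"x", "authType": "thycotic"}
    try:
        log.debug("path=%s, query=%s, body=%s", "credential", {}, body)
    finally:
        log.removeHandler(handler)
        log.setLevel(old_level)
        log.propagate = old_propagate
    return stream.getvalue()

if __name__ == "__main__":
    print(demo(), end="")
```

When `logging.basicConfig` is used as in the thread, the same filter can be added to each handler in `logging.getLogger().handlers`.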