Define SSH Host Credentials

With the Secure Socket Shell (SSH) host credential, you can run custom and industry-standard assessments.

An SSH host credential enables you to run custom or industry standard compliance assessments. You first configure the credential store, and then add the SSH host credential to the credential store. Note that the credential global name must be the reserved value emcosComplianceCred. On the host where the Oracle Cloud Agent is installed, perform the following steps from the agent installation directory (such as <AGENT_BASE_DIR>/agent_inst/bin):

Before you begin to create a SSH Host Credential, create and save a JSON file, for example cred.json, with your credential information as follows.

  • Option 1: SSH Key (Recommended)

        "name": "<HOST_NAME>-HostSSHCreds",
        "type": "AsAgentCreds",
        "globalName": "emcosComplianceCred",
        "description": "SSH Credential for the host agent",
        "disabled": false,
        "properties": [
         { "name":"USERNAME", "value":"CLEAR[oracle]" },
         { "name":"SSH_PVT_KEY", "value":"FILE[<YourUsername>/.ssh/id_rsa]" },
         { "name":"SSH_PUB_KEY", "value":"FILE[<YourUsername>/.ssh/]" }
  • Option 2: Password

        "description":"SSH Credential for the host agent",
        "disabled": false,
          { "name":"USERNAME", "value":"CLEAR[YourUsername]"},
          { "name":"PASSWORD", "value":"CLEAR[YourPassword]"}


  • HOST_NAME is the fully qualified name of your host. For example:

  • Name is any name for your credential. We recommend that you name this credential your host name followed by HostSSHPwdCreds. For example:

  • YourUsername is the username used as your SSH credential.

  • YourPassword is the password for your SSH credential.

  • All other field values must remain as listed. They are reserved values.

Create a SSH Host Credential:

  1. Login as the user who installed the agent.

    $ su oracle

  2. Stop the agent.

    $ omcli stop agent

  3. Configure the agent to use a wallet-based credential store.

    $ omcli add_credential_store agent -no_password 

  4. Start the agent.

    $ omcli start agent

  5. Add the credential to the credentials store.

    $ omcli add_credentials agent -credential_file cred.json -allow_entityless

  6. Verify that the credential was installed correctly.
    $ omcli list_credentials agent 
    Oracle Management Cloud Agent Copyright (c) 1996, 2018 Oracle Corporation. All rights reserved.
    Credential Name Type Entity Global Name Usage
    HostSSHPwdCreds ( "emcosComplianceCred"


If the SCAP benchmark or custom rules require root access, make sure YourUsername and YourPassword have root privileges. SCAP benchmark rules require administrator privileges to evaluate configuration information owned by and restricted to the root user.

Many benchmarks require elevated privileges, either a root or a privileged user can run the benchmarks.


For the latest information on SSH Host Credentials, check My Oracle Support Configuration and Compliance Cloud Service Master Note 2223305.1 .