hey guys can anyone guide me. Anyone using Render ...
# fleet
j
hey guys can anyone guide me. Anyone using Render as your deployment environment? I'm trying to turn MDM on for Windows and I'm stuck
d
Hey @Jay Vee, what part are you getting stuck on?
j
hey @Dale Ribeiro, so it says that I can't turn MDM on unless I configure with a certificate and key pair first and I figure that I can create an Environment Variable but I am unsure of where to go next. I tried running ssh-keygen to create the keypair and cert but I get a not found error. I apologize if the solution is simple, I tried searching but couldn't find anything.
good day @Dale Ribeiro any update on this one?
d
Have you come across our article for setting up Windows MDM here? It goes step by step including generating the certificate and key. You'll want to use `openssl genrsa` rather than `ssh-keygen`
j
thanks I've gone through these steps but when I tried the openssl genrsa command I still get a not found
I also created the files on my Windows PC as instructed in this guide and tried to SSH into the fleet web service on Render and was unable to. I was receiving "This account is not available" and the connection gets closed
k
What's the exact error you are seeing? You may need to install openssl.
j
client_global_hostkeys_prove_confirm: server gave bad signature for ED25519 key 0: incorrect signature This account is not available Connection to ssh.oregon.render.com closed.
Good day guys. Any thoughts?
k
Ah, sorry, I missed that the current hurdle is that you cannot ssh in. Try adding `-o UpdateHostKeys=no` to your ssh command.
j
When I added that command I only get the latter part of the error message: This account is not available Connection to ssh.oregon.render.com closed.
b
I too have questions; I've generated the certificate and key, per the article, using my Windows Desktop. I've placed the cert and key on the server and updated the configuration file. I've successfully turned on the MDM. However, my one and only client says that MDM Status is "off" and the "MDM Server URL" is blank on the client. What am I missing?
j
Any new ideas guys?
k
@Jay Vee just to make sure we're looking at this from the right angle, why are you trying to SSH in to the Fleet server?
j
I'm trying to upload the cert and key file or did I misunderstand the instructions?
k
Ah. You can pass the contents of the keys to Fleet by setting environmental variables: https://fleetdm.com/guides/windows-mdm-setup#:~:text=Step%202%3A%20Configure%20Fleet%20with%20your%20certificate%20and%20key
j
Ah ok. Let me try that
@Kathy Satterlee thank you so much. That worked flawlessly. I was able to turn on MDM without issues. I have one more question. I know that Render is touted as a quick proof of concept, but how many hosts would it support before I start to see deterioration in service? Also, if I were to add multiple machines, would I need to install Docker on each system to enroll it into Render?
k
You should be good for a few hosts, but you'll likely start running over Render's memory limits quickly. It will depend a lot on the number of queries you're running, and software inventory for those hosts. Docker isn't required on each host, it's just needed for generating the installer package. Once you've created that, you can distribute it to your hosts.
f
👋 jumping on this thread as I didn't see it answered elsewhere:
• "You should be good for a few hosts", what's a few? I'm assuming 70-100 is beyond the capacity?
• What does the render -> AWS migration look like if/when we need to switch in future?
Thanks in advance for your time & attention 🙂