OpenSCAP ssh with keyfile
Solution 1:
At least on scap-workbench 1.2.1 you can run the scan with Dry run toggled and this will give you the command line to be executed for the scan. With this command line you can override ssh options using the variable as seen in the oscap-ssh help:
To supply additional options to ssh/scp, define the SSH_ADDITIONAL_OPTIONS variable
For instance, to ignore known hosts records, define SSH_ADDITIONAL_OPTIONS='-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'
And from ssh options you can use the option -i identity_file to provide the filepath of the private key you want to use for authentication.
In the end you will have something like:
$ export SSH_ADDITIONAL_OPTIONS='-i /path/to/private/key'
$ oscap-ssh [email protected] 22 xccdf eval --datastream-id scap_org.open-scap_datastream_from_xccdf_ssg-fedora-xccdf-1.2.xml --xccdf-id scap_org.open-scap_cref_ssg-fedora-xccdf-1.2.xml --profile xccdf_org.ssgproject.content_profile_ospp --oval-results --results /tmp/xccdf-results.xml --results-arf /tmp/arf.xml --report /tmp/report.html /tmp/scap-workbench-XDOICh/ssg-fedora-ds.xml
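An added example, not part of the original answer or of OpenSCAP: a small shell helper that builds the SSH_ADDITIONAL_OPTIONS value from a key file, checks the key's permissions first, and can pin a known_hosts file so host key verification stays on instead of being disabled as in the help text's sample. The function name build_ssh_opts and its return codes are hypothetical; it assumes the variable's value is split on whitespace by the script that consumes it, so paths containing whitespace are rejected.

```shell
#!/bin/sh
# Added example: build an SSH_ADDITIONAL_OPTIONS string for oscap-ssh.
# build_ssh_opts is a hypothetical helper, not part of OpenSCAP.
#
# Usage (paths are placeholders):
#   SSH_ADDITIONAL_OPTIONS=$(build_ssh_opts /path/to/private/key) || exit 1
#   export SSH_ADDITIONAL_OPTIONS

# build_ssh_opts KEYFILE [KNOWN_HOSTS]
# Prints the option string on stdout; on error prints nothing and returns
# 2 (whitespace in a path), 3 (key unreadable), 4 (key permissions too open)
# or 5 (known_hosts file missing).
build_ssh_opts() {
    key=$1
    known_hosts=${2:-}

    # Assumption: the consumer word-splits the variable, so a path with
    # whitespace would be broken into several arguments.
    case $key$known_hosts in
        *[[:space:]]*) echo "paths must not contain whitespace" >&2; return 2 ;;
    esac

    [ -f "$key" ] && [ -r "$key" ] || { echo "key not readable: $key" >&2; return 3; }

    # ssh refuses private keys accessible by group or others; fail early.
    # Characters 5-10 of the ls mode string are the group/other bits.
    mode=$(ls -dlL "$key" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "key permissions too open (try: chmod 600 $key)" >&2
        return 4
    fi

    # IdentitiesOnly=yes makes ssh offer only this key, not every agent key.
    opts="-i $key -o IdentitiesOnly=yes"

    if [ -n "$known_hosts" ]; then
        [ -f "$known_hosts" ] || { echo "no such file: $known_hosts" >&2; return 5; }
        # Keep host key verification on, against a pinned known_hosts file.
        opts="$opts -o StrictHostKeyChecking=yes -o UserKnownHostsFile=$known_hosts"
    fi

    printf '%s\n' "$opts"
}
```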