Network devices are scanned using SSH. Our SSH connection manager public key can either be added to the devices SSH authorized keys file or a username/password can be supplied. A satellite SSH connection manager can be deployed behind your firewall to avoid exposing SSH ports.


  1. To scan a Network Device node via SSH click the Add Nodes subnavigation button under the Discover heading.


  2. Locate the Network Device you want to scan. You can use the search bar to narrow down possible options. Click the node type, then click Go Agentless.


  3. The Add Node details form will then appear and will allow you to specify connection details for your network device.


    Field Description
    Connection Manager Group The CM group that will be used to connect to the network device.
    Node Name The name you want to assign to this node in UpGuard.
    Hostname/Ip Address The hostname or IP address used to connect to the device.
    SSH Port An optional port to connect to, defaults to 22.
    Username The username used to authenticate into the network device over SSH.
    Enable secondary password If specified, allows the connection manager to be able to elevate from the initial login shell into a elevanted shell to be able to execute commands.
    Credential type Either select SSH Key or specify a Password to authenticate into the network device.
  4. Click Scan Node to complete the node’s registration process and initiate a node scan.

Scan Details

Data retrieved for network device scanning is treated slightly differently to that retrieved for servers for the simple reason that network device configuration is (more typically) file, rather than component, based. Here is an example scan workflow (simplified) for a Cisco device.


  1. UpGuard connects to the device over SSH.
  2. Both stored and running configs are extracted and returned to the site.
  3. Configs are parsed to allow display both as files and objects to be displayed in the UpGuard graph visualization.


From one UpGuard scan you get four different views of your network device’s configuration (again, if the device supports both).

Stored vs Running Configuration

Check the navigation on the node show page for both stored and running versions of your device’s configuration. Running configuration is denoted by an (R).


Object vs File View

From the node show page you can access the traditional file based view of your device’s configuration from the File button.


This will take you to the file view page.


The object based view is what you see displayed in the main information window.



The above flexibility in configuration display means you get multiple ways of differencing configuration data.

You can difference:

  • Device to device
  • Stored vs Running on a single device
  • Over time on a single device

You can also difference using both the default view object view and the file content view.

network-devices-differencing-01 network-devices-differencing-02

What Next?

Once you have your network devices scanning you can set up Alerting on Changes or assign some Policies.

Tags: ssh