Connecting to the syslog-ng Store Box (SSB) locally or remotely using Secure Shell (SSH) allows you to access the console menu of SSB. The console menu provides access to the most basic configuration and management settings of SSB. It is mainly used for troubleshooting purposes, the primary interface of SSB is the web interface.
NOTE: Detailed host information is displayed in the shell prompt:
The format of the bash prompt is:
(firmware_type/HA_node/hostname)username@HA_node_name:current_working_directory#
For example:
(core/master/documentation-ssb)root@ssb1:/etc#
-
firmware_type is either boot or core
-
HA_node is either master or slave
-
hostname is the FQDN set on the GUI
-
username is always root
The console menu is accessible to the root user using the password set during completing the Welcome Wizard.
Figure 89: The console menu
The console menu allows you to perform the following actions:
-
Change the passwords of the root and admin users, change the GRUB (GRand Unified Bootloader) password.
-
Access the local core and boot shells. This is usually not recommended and only required in certain troubleshooting situations. In a high-availability cluster, you can also access the boot shell of the remote node.
-
Access the network-troubleshooting functions and display the available log files.
-
Reboot and shut down the system. In a high-availability cluster, you can also reboot or shutdown the remote node, or initiate a take over.
-
Enable and disable sealed mode. For more information, see Sealed mode.
-
Set the IP address of the HA interface.
This option is not available on virtual appliances, or if your SSB license does not include the HA option. If High Availability (HA) operation mode is required in a virtual environment, use the HA function provided by the virtual environment.
NOTE: Note that logging in to the console menu automatically locks the SSB interface, meaning that users cannot access the web interface while the console menu is used. The console menu can be accessed only if there are no users accessing the web interface. The connection of web-interface users can be terminated to force access to the console menu.
On the secondary node of a high-availability cluster, the console menu is limited to troubleshooting and diagnostic functions (for example, you cannot change passwords or manage sealed mode).
Exclusively for troubleshooting purposes, you can access the syslog-ng Store Box (SSB) host using SSH. Completing the Welcome Wizard automatically disables SSH access. To enable it again, complete the following steps:
|
Caution:
Accessing the SSB host directly using SSH is not recommended nor supported, except for troubleshooting purposes. In such case, the One Identity Support Team will give you exact instructions on what to do to solve the problem. |
Enabling the SSH server allows you to connect remotely to the SSB host and login using the root user. The password of the root user is the one you had to provide in the Welcome wizard. For details on how to change the root password from the web interface, see Changing the root password of SSB.
To enable SSH access to the SSB host
-
Navigate to Basic Settings > Management > SSH settings.
Figure 90: Basic Settings > Management > SSH settings — Enabling remote SSH access to SSB
-
Select the Enable remote SSH access option.
NOTE: Remote SSH access is automatically disabled if Sealed mode is enabled. For details, see Sealed mode.
-
Set the authentication method for the remote SSH connections.
-
To enable password-based authentication, select the Enable password authentication option.
-
To enable public-key authentication, click in the Authorized keys field, click and upload the public keys of the users who can access and manage SSB remotely via SSH.
-
Click .
The SSH server of SSB accepts connections only on the management interface if the management interface is configured. If the management interface is not configured, the SSH server accepts connections on the external interface. If possible, avoid enabling the SSH server of SSB when the management interface is not configured. For details on enabling the management connection, see Configuring the management interface.
The root password is required to access syslog-ng Store Box (SSB) locally, or remotely via an SSH connection. Note that the password of the root user can be changed from the console menu as well. For details, see Accessing the SSB console.
To change the root password of SSB
-
Navigate to Basic Settings > Management > Change root password.
Figure 91: Basic Settings > Management > Change root password — Changing the root password of SSB
-
Enter the new password into the New root password and Confirm password fields. The password must meet the requirements of the AAA > Settings > Password settings > Minimal password strength option.
NOTE: The syslog-ng Store Box (SSB) appliance accepts passwords that are not longer than 150 characters. The following special characters can be used:
! " # $ % & ' ( ) * + , - . / : ; < > = ? @ [ ] ^ - ` { | } \ _ ~ |
-
Click .
The GRUB (GRand Unified Bootloader) password is required to access the boot loader of syslog-ng Store Box (SSB). Note that the GRUB password can be changed from the console menu as well. For details, see Accessing the SSB console.
NOTE: From version 7.2.0 it is required to enter a username and a password to change SSB boot settings or to enter the boot loader console for troubleshooting.
Enter the following username when prompted by GRUB:
The default password for the root user is:
One Identity recommends changing the default GRUB password if you have updated SSB from a version prior to 7.2.0.
For more information about changing the GRUB password, see Changing the GRUB password of SSB or Using the console menu of SSB.
To change the GRUB password of SSB
-
Navigate to Basic Settings > Management > Change GRUB password.
Figure 92: Basic Settings > Management > Change GRUB password — Changing the GRUB password of SSB
-
Enter the new password into the New GRUB password and Confirm GRUB password fields. The password must meet the requirements of the AAA > Settings > Password settings > Minimal password strength option.
NOTE: The syslog-ng Store Box (SSB) appliance accepts passwords that are not longer than 150 characters. The following special characters can be used:
! " # $ % & ' ( ) * + , - . / : ; < > = ? @ [ ] ^ - ` { | } \ _ ~ |
-
Click .