NVE: How to Allow root SSH Access On a NetWorker Virtual Edition
Summary: This KB provides instructions on how to enable direct root access to a NetWorker Virtual Edition (NVE) appliance. Similar instructions can be found in the NetWorker Virtual Edition Deployment Guide. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
By default, you cannot use SSH to log in to the NVE appliance with the root account. This is intended as a security measure to prevent unauthorized root access. You must connect using the admin account and then `sudo su -` to log in as root. If the root and admin credentials differ, it would not be possible to breach the root account unless both account passwords are known. NVE direct root access is possible through a console connection (for example: VMware Web Console Connection). NVE administrators can allow direct root SSH access, but must do so at their own discretion.
Copying logs directly off the NVE with a Secure Copy Protocol (SCP) agent is easier with the root account, but you can also use the admin account. You must place the files in a directory the admin user has access to (for example: /space or /tmp). Ensure that the files have read access for the admin user:
sudo chmod 744 /path/to/file
- NetWorker (Linux): How to copy files to/from a Linux NetWorker server.
- NVE: Upgrade or Install Failure Triage Guide
- NVE: How to change OS passwords
You can enable root SSH access using one of two methods:
1. Enable global root SSH access. This allows root SSH access from any network.
2. Enable "restricted" (match address) root SSH access. This allows root SSH access only from specified IP addresses or networks.
NOTE: NVE security rollups may change the settings in the
sshd configuration file to improve security. Direct root SSH access may be revoked after performing an OS security rollup. In which case, the settings outlined in this KB must be reapplied.
Global Access:
1. SSH to the NVE as admin, then switch to root:
sudo su -
2. Using vi edit the /etc/ssh/sshd_config file.
vi /etc/ssh/sshd_config
3. Look for the line PermitRootLogin line.
NOTE: There is a commented out line near the beginning of the file. You can leave this commented out. Go to the end of the file. Change
PermitRootLogin no to PermitRootLogin yes.
Example:
PermitRootLogin yes
Match Address ::1,127.0.0.1,127.0.0.1,::1,192.168.9.101,fe80::250:56ff:fea5:80ff
PermitRootLogin yes
Match all
4. Save the file:
Hit [ESC] then enter :wq!
5. Restart the sshd service:
systemctl restart sshd
You can now log in as root during NVE SSH access.
Restricted IP/network SSH Access:
1. SSH to the NVE as admin, then switch to root:
sudo su -
2. Using vi edit the /etc/ssh/sshd_config file.
vi /etc/ssh/sshd_config
3. Look for the line Match Address line, near the end of the file.
4. Update the Match Address line to include a specific IP or network IP/Subnet address.
Example:
PermitRootLogin no
Match Address ::1,127.0.0.1,127.0.0.1,::1,192.168.9.101,fe80::250:56ff:fea5:80ff,192.168.9.0/24
PermitRootLogin yes
Only systems on the 192.168.9.0 network have root SSH access. Root SSH access from other networks to the NVE are denied. Similarly you can specify single IP addresses instead of a network address.
5. Save the file:
Hit [ESC] then enter :wq!
6. Restart the sshd service:
systemctl restart sshd
You can now log in as root during NVE SSH access, but only from the addresses or networks specified.
See the NetWorker Virtual Edition Deployment Guide for additional instructions.
Affected Products
NetWorkerProducts
NetWorker Family, NetWorker SeriesArticle Properties
Article Number: 000225152
Article Type: How To
Last Modified: 30 Apr 2025
Version: 4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.