NVE: How to Allow root SSH Access On a NetWorker Virtual Edition
摘要: This KB provides instructions on how to enable direct root access to a NetWorker Virtual Edition (NVE) appliance. Similar instructions can be found in the NetWorker Virtual Edition Deployment Guide. ...
本文章適用於
本文章不適用於
本文無關於任何特定產品。
本文未識別所有產品版本。
說明
By default, you cannot use SSH to log in to the NVE appliance with the root account. This is intended as a security measure to prevent unauthorized root access. You must connect using the admin account and then `sudo su -` to log in as root. If the root and admin credentials differ, it would not be possible to breach the root account unless both account passwords are known. NVE direct root access is possible through a console connection (for example: VMware Web Console Connection). NVE administrators can allow direct root SSH access, but must do so at their own discretion.
Copying logs directly off the NVE with a Secure Copy Protocol (SCP) agent is easier with the root account, but you can also use the admin account. You must place the files in a directory the admin user has access to (for example: /space or /tmp). Ensure that the files have read access for the admin user:
sudo chmod 744 /path/to/file
- NetWorker (Linux): How to copy files to/from a Linux NetWorker server.
- NVE: Upgrade or Install Failure Triage Guide
- NVE: How to change OS passwords
You can enable root SSH access using one of two methods:
1. Enable global root SSH access. This allows root SSH access from any network.
2. Enable "restricted" (match address) root SSH access. This allows root SSH access only from specified IP addresses or networks.
NOTE: NVE security rollups may change the settings in the
sshd configuration file to improve security. Direct root SSH access may be revoked after performing an OS security rollup. In which case, the settings outlined in this KB must be reapplied.
Global Access:
1. SSH to the NVE as admin, then switch to root:
sudo su -
2. Using vi edit the /etc/ssh/sshd_config file.
vi /etc/ssh/sshd_config
3. Look for the line PermitRootLogin line.
NOTE: There is a commented out line near the beginning of the file. You can leave this commented out. Go to the end of the file. Change
PermitRootLogin no to PermitRootLogin yes.
Example:
PermitRootLogin yes
Match Address ::1,127.0.0.1,127.0.0.1,::1,192.168.9.101,fe80::250:56ff:fea5:80ff
PermitRootLogin yes
Match all
4. Save the file:
Hit [ESC] then enter :wq!
5. Restart the sshd service:
systemctl restart sshd
You can now log in as root during NVE SSH access.
Restricted IP/network SSH Access:
1. SSH to the NVE as admin, then switch to root:
sudo su -
2. Using vi edit the /etc/ssh/sshd_config file.
vi /etc/ssh/sshd_config
3. Look for the line Match Address line, near the end of the file.
4. Update the Match Address line to include a specific IP or network IP/Subnet address.
Example:
PermitRootLogin no
Match Address ::1,127.0.0.1,127.0.0.1,::1,192.168.9.101,fe80::250:56ff:fea5:80ff,192.168.9.0/24
PermitRootLogin yes
Only systems on the 192.168.9.0 network have root SSH access. Root SSH access from other networks to the NVE are denied. Similarly you can specify single IP addresses instead of a network address.
5. Save the file:
Hit [ESC] then enter :wq!
6. Restart the sshd service:
systemctl restart sshd
You can now log in as root during NVE SSH access, but only from the addresses or networks specified.
See the NetWorker Virtual Edition Deployment Guide for additional instructions.
受影響的產品
NetWorker產品
NetWorker Family, NetWorker Series文章屬性
文章編號: 000225152
文章類型: How To
上次修改時間: 30 4月 2025
版本: 4
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。