No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eLog V200R007C10 Installation Guide

Describes the installation process of product software. Includes plans, environmental requirements, and procedures for installation, as well as commissioning procedures.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How to Enable or Disable Root Remote Connection

How to Enable or Disable Root Remote Connection

This section describes how to enable or disable root remote connection.

Context

Only the root user can install or uninstall the eLog software. The security hardening process disables the root user from remotely connecting to servers. Therefore, after security hardening, the user cannot install the eLog by remotely connecting to the server. If you need to install the eLog using a remote connection, enable the root remote connection function.

Enabling root remote connection is insecure. After the installation is complete, disable root remote connection as soon as possible. The omm account can be used to remotely connect to the server for other operations.

It is recommended to add graphical tools such as VNC Server to firewall exceptions while enabling root remote connection, which is convenient for subsequent use. For details, see Using the VNC to Remotely Log In to the Server GUI and Adding Exceptions on the Firewall.

Enabling Root Remote Connection

  1. Log in to the server through the iBMC port.
  2. Right-click the desktop and choose Open in Terminal from the shortcut menu to access the CLI.
  3. Modify the /etc/ssh/sshd_config file to set PermitRootLogin to yes.

    1. Run the vi command to access the editing page.
      # vi /etc/ssh/sshd_config            
    2. Press i to switch the vi editor to the insert mode.
    3. Set PermitRootLogin to yes.
      NOTE:

      The SFTP service is disabled during system hardening. In scenarios involving the SFTP service, such as system installation, upgrade, and patch installation, enable the SFTP service as follows:

      Find #Subsystem sftp internal-sftp -l INFO -f AUTH and delete the comment tag (#) at the beginning.

    4. Press Esc to switch the vi editor to the command line mode.
    5. Press : to switch the vi editor to the last line mode, enter wq, press Enter, save the configuration, and exit from the vi editor.

  4. Restart the sshd service.

    # service sshd restart

Disabling Root Remote Connection

  1. Right-click the desktop and choose Open in Terminal from the shortcut menu to access the CLI.
  2. Modify the /etc/ssh/sshd_config file to set PermitRootLogin to no.

    1. Run the vi command to access the editing page.
      # vi /etc/ssh/sshd_config            
    2. Press i to switch the vi editor to the insert mode.
    3. Set PermitRootLogin to no.
      NOTE:

      Disable the SFTP service:

      Find Subsystem sftp internal-sftp -l INFO -f AUTH and add a comment tag (#) at the beginning.

    4. Press Esc to switch the vi editor to the command line mode.
    5. Press : to switch the vi editor to the last line mode, enter wq, press Enter, save the configuration, and exit from the vi editor.

  3. Restart the sshd service.

    # service sshd restart

Translation
Download
Updated: 2019-04-01

Document ID: EDOC1100073937

Views: 8105

Downloads: 16

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next