How to create a read-only access account for SSH

Article ID: 140088

Products

CA API Gateway, API SECURITY, CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7), CA API Gateway Enterprise Service Manager (Layer 7), STARTER PACK-7, CA Microgateway

Issue/Introduction

Is there a way to create read-only accounts that can SSH to the Layer7 VM/Appliance? We would like to be able to check service status, log files, and also maybe CPU/Memory/Storage usages without engaging another team. Is this possible? If so, how do we do it?

Environment

Release : 9.2

Component : API GTW ENTERPRISE MANAGER

Resolution

How to create a read-only SSH account to access the gateway

You can create a new user with limited access, that is able to review logs. There are two steps for doing so.

- First, we create the user and assign a password to it:
    # useradd -G gateway loguser1
    # passwd loguser1
- Then, we add the user to the list of users allowed to connect through SSH:
    # echo 'loguser1' >> /etc/ssh/ssh_allowed_users
    # cat /etc/ssh/ssh_allowed_users
- After that, you can log in to the gateway through SSH as loguser1 to review the gateway logs.


By default, all members of the gateway group have read-only access to the gateway logs, which are stored under /opt/SecureSpan/Gateway/node/default/var/logs/ssg_*_*.log.
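
A check you might run after the steps above, as an added example (not part of the original article or of the product's own tooling): it appends to the SSH allow list without creating duplicate lines, then confirms the account is SSH-allowed, is in the gateway group, and is not in a privileged group. The function names and the PRIV_GROUPS list are assumptions; the file paths default to those used in the article and can be overridden to test against copies.

```shell
#!/bin/sh
# Added example: audit a read-only log account created as in the steps above.
# Paths default to the ones in the article; override them to work on copies.
ALLOWED_FILE="${ALLOWED_FILE:-/etc/ssh/ssh_allowed_users}"
GROUP_FILE="${GROUP_FILE:-/etc/group}"
# Assumption: groups that would give the account more than read-only access.
PRIV_GROUPS="${PRIV_GROUPS:-root wheel sudo}"

# in_allowed_list USER: succeed if USER is an exact line in the allow list.
in_allowed_list() {
    grep -qxF -- "$1" "$ALLOWED_FILE"
}

# allow_ssh USER: like `echo USER >> file`, but never adds a duplicate line.
allow_ssh() {
    in_allowed_list "$1" || printf '%s\n' "$1" >> "$ALLOWED_FILE"
}

# supplementary_groups USER: print each group whose member list (field 4)
# names USER. `useradd -G gateway` records the membership in that field.
supplementary_groups() {
    awk -F: -v u="$1" '{ n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) print $1 }' "$GROUP_FILE"
}

# audit_log_user USER: print findings; return non-zero if any check fails.
audit_log_user() {
    user=$1; rc=0
    groups=$(supplementary_groups "$user")
    in_allowed_list "$user" || { echo "FAIL: $user not in $ALLOWED_FILE"; rc=1; }
    echo "$groups" | grep -qx gateway || { echo "FAIL: $user not in group gateway"; rc=1; }
    for g in $PRIV_GROUPS; do
        if echo "$groups" | grep -qx -- "$g"; then
            echo "FAIL: $user is also in privileged group $g"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: $user is SSH-allowed and limited to the gateway group"
    return "$rc"
}
```

Run `audit_log_user loguser1` as root after sourcing the file; a non-zero return means the account is missing from the allow list or the gateway group, or has picked up a privileged group.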