CA API GatewayAPI SECURITYCA API Gateway Precision API Monitoring Module for API Gateway (Layer 7)CA API Gateway Enterprise Service Manager (Layer 7)STARTER PACK-7CA Microgateway
Issue/Introduction
Is there a way to create read-only accounts that can SSH to the Layer7 VM/Appliance? We would like to be able to check service status, log files, and also maybe CPU/Memory/Storage usages without engaging another team. Is this possible? If so, how do we do it?
Environment
Release : 9.2
Component : API GTW ENTERPRISE MANAGER
Resolution
How to create read only SSH account to acces gateway
You can create a new user with limited access, that is able to review logs. There are two steps for doing so.
- First we create the user and assign a password to it: # useradd -G gateway loguser1 # passwd loguser1 - Then, we add the user to the list of users allowed to connect through SSH: # echo 'loguser1' >> /etc/ssh/ssh_allowed_users # cat /etc/ssh/ssh_allowed_users - After that you can login to gateway through SSH using loguser1 to review gateway logs.
By default, all members of gateway group; do have read-only access to gateway logs are stored under /opt/SecureSpan/Gateway/node/default/var/logs/ssg_*_*.log.