ManagementCenter reject ssh access if use non-admin user.

book

Article ID: 192324

calendar_today

Updated On:

Products

Management Center - VA

Issue/Introduction

I'm using 2 security function to access for MagementCenter(MC).

  • Local user (Added "MC_admin" from GUI Administration>USERS>Add user)
  • ACL(Permit from IP address 192.168.1.50 service HTTPS adn SSH)

I am able to access for MC to use MC_admin HTTPS and SSH.
But MC reject MC_admin's SSH access when I enable ACL function.

Cause

The reasoning is the non-admin CLI authentication is forwarded to MC process on port 8082 (HTTPS) .
By default MC doesn't have local HTTPS access.

Environment

Release :2.4.1.2

Component :CLI Management access

Resolution

Please add local HTTPS access from CLI.

bccm_2_3-6-x86_64(config)# acl rule 127.0.0.1/32 HTTPS

After add your will see below acl rule.

-----------------------------------------------------------------------------
bccm_2_3-6-x86_64# show running-config acl
acl
  enable
 rule 192.168.1.50 HTTPS
 rule 192.168.1.50 Management
 rule 127.0.0.1/32 Failover
 rule 127.0.0.1/32 HTTP
 rule 127.0.0.1/32 HTTPS
 rule 127.0.0.1/32 SNMP
 rule ::1/128 Failover
 rule ::1/128 HTTP
 rule ::1/128 SNMP
!
bccm_2_3-6-x86_64#
-----------------------------------------------------------------------------