ManagementCenter reject ssh access if use non-admin user.
Article ID: 192324
Updated On:
Products
Symantec
Issue/Introduction
I'm using 2 security function to access for MagementCenter(MC).
I am able to access for MC to use MC_admin HTTPS and SSH.
But MC reject MC_admin's SSH access when I enable ACL function.
- Local user (Added "MC_admin" from GUI Administration>USERS>Add user)
- ACL(Permit from IP address 192.168.1.50 service HTTPS adn SSH)
I am able to access for MC to use MC_admin HTTPS and SSH.
But MC reject MC_admin's SSH access when I enable ACL function.
Environment
Release :2.4.1.2
Component :CLI Management access
Cause
The reasoning is the non-admin CLI authentication is forwarded to MC process on port 8082 (HTTPS) .
By default MC doesn't have local HTTPS access.
By default MC doesn't have local HTTPS access.
Resolution
Please add local HTTPS access from CLI.
bccm_2_3-6-x86_64(config)# acl rule 127.0.0.1/32 HTTPS
After add your will see below acl rule.
-----------------------------------------------------------------------------
bccm_2_3-6-x86_64# show running-config acl
acl
enable
rule 192.168.1.50 HTTPS
rule 192.168.1.50 Management
rule 127.0.0.1/32 Failover
rule 127.0.0.1/32 HTTP
rule 127.0.0.1/32 HTTPS
rule 127.0.0.1/32 SNMP
rule ::1/128 Failover
rule ::1/128 HTTP
rule ::1/128 SNMP
!
bccm_2_3-6-x86_64#
-----------------------------------------------------------------------------
bccm_2_3-6-x86_64(config)# acl rule 127.0.0.1/32 HTTPS
After add your will see below acl rule.
-----------------------------------------------------------------------------
bccm_2_3-6-x86_64# show running-config acl
acl
enable
rule 192.168.1.50 HTTPS
rule 192.168.1.50 Management
rule 127.0.0.1/32 Failover
rule 127.0.0.1/32 HTTP
rule 127.0.0.1/32 HTTPS
rule 127.0.0.1/32 SNMP
rule ::1/128 Failover
rule ::1/128 HTTP
rule ::1/128 SNMP
!
bccm_2_3-6-x86_64#
-----------------------------------------------------------------------------
Feedback
Yes
No
Powered by
