Layer7 API Management

Expand all | Collapse all

Disable ssgconfig user in CA API Gateway Appliance !!

Jump to Best Answer
  • 1.  Disable ssgconfig user in CA API Gateway Appliance !!

    Posted 05-26-2017 04:04 AM

    Hello folks,

     

    Is it possible to disable ssgconfig user and directly access Shell using root password !

     

    I have to configure filebeat in api gateway and one remote server has to connect ca api gateway using ssh.

     

    Please suggest.



  • 2.  Re: Disable ssgconfig user in CA API Gateway Appliance !!
    Best Answer

    Posted 05-26-2017 10:59 AM

    If you need to enable ssh access for root user then update file /etc/ssh/sshd_config  @ below line

    PermitRootLogin yes

    Save and restart sshd service.

    service sshd restart.

    However enabling root ssh access is not recommonded due to security reasons.



  • 3.  Re: Disable ssgconfig user in CA API Gateway Appliance !!

    Posted 05-28-2017 12:53 AM

    Additionally you have add root account to ssh_allowed_users at /etc/ssh. But its a strict no to allow ssh access to root as mentioned earlier by Anand.



  • 4.  Re: Disable ssgconfig user in CA API Gateway Appliance !!

    Posted 05-28-2017 07:20 PM

    Hello Apoorvkapil ,

    I believe you should be able to run filebeat with non-root user. 

     

    Please keep in mind that enable root user will bring extra risk, particularly when the gateway can be accessed from internet.

     

    (there was a case,  root user enabled in gateway on Azure, root user was locked due to 'someone' attempted to login as root, and failed too many times. The root user was not able to unlock due to Azure didn't allow direct access to GRUB. If you have to enable root user, you may think of key-based authentication)

     

    Regards,

    Mark



  • 5.  Re: Disable ssgconfig user in CA API Gateway Appliance !!

    Posted 06-21-2017 06:47 AM

    Thanks for Case  sharing zhijun.zhang .

    Taking forward the discussion , What will be a good practice (in terms of security and accessibility).  if i configure LDAP to authenticate user  instead of ssgconfig ?

     

    1 . Will any user be able to access API gateway menus or only root user will have that privilege to access API Gateway main Menu.

    2.  What will happen if i need to update API gateway to any upcoming versions ?



  • 6.  Re: Disable ssgconfig user in CA API Gateway Appliance !!

    Posted 05-29-2017 04:58 AM

    Hello Zhijun He  anand.rudran Thanks for your comment.

     

    I have one doubt , if i configure LDAP based authentication to API Gateway Image , will the ldap user be able to get access directly to Shell or do i still need to make changes in /etc/ssh/sshd_config file ?



  • 7.  Re: Disable ssgconfig user in CA API Gateway Appliance !!

    Posted 05-29-2017 05:04 AM

    you may want to try the steps mentioned here in the KB for that

    Enabling LDAP(S) authentication and authorization for the Gateway configuration menu