Using the Restricted Shell

The restricted support login provides a limited SFTP-accessible shell in which the KeyControl administrator can gather diagnostic information. It is disabled by default.

  1. Use your hypervisor to access one of the VMs in which KeyControl is running, then log into the KeyControl VM console as htadmin. KeyControl displays the Entrust KeyControl System Console TUI (Text-based User Interface).
  2. Select Manage Accounts and press Enter.
  3. On the Manage Accounts page, select htrestricted (read only support access) and press Enter.

    The TUI displays the Manage the htrestricted account page.

    Note: If the account is currently enabled, KeyControl displays that information along with the date on which the current restricted support password will expire. If you want to set a new password, select Yes at this prompt and then return to step 2.

  4. Select Yes and press Enter to confirm the request.

  5. Enter the password for the htrestricted support account. When you are done, select OK and press Enter, then press Enter again to confirm the request.
  6. Use SFTP to log into the htrestricted account on the KeyControl node using the password you specified above.

    Tip: Windows users can use WinSCP to access the htrestricted account via SFTP.

    The following example shows how to log into the restricted shell and navigate to the directory containing the latest support bundles. The first bundle contains the logs for the current node only, while the second bundle contains the logs from all nodes in the cluster:

    $ sftp htrestricted@10.238.66.250
    htrestricted@10.238.66.250's password:
    Connected to htrestricted@10.238.66.250.
    sftp> cd support/logs/node_logs
    sftp> ls
    htkc_dbginfo_kc-250.domain.mycompany.com_2019-07-03-21-27-57.tar.gz
    sftp> cd ../cluster_logs
    sftp> ls
    htkc_cluster_dbginfo_2019-07-03-21-29-11.tar.gz    
    sftp>

    For details about using the restricted shell, contact Entrust Support.
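
The script below picks the newest bundle of each kind from the `ls` output in the session above and prints the matching sftp `get` commands. It is an added example, not Entrust code. The file-name pattern is inferred from the two sample names on this page, and the function names and extra listing entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Entrust code. The name patterns are inferred from the two
# sample bundle names in the session above.

# latest_bundle PREFIX
# Reads "sftp> ls" output on stdin and prints the newest bundle name that
# starts with PREFIX, judged by the timestamp embedded in the name.
latest_bundle() {
    prefix=$1
    # sftp prints several names per line in columns: one name per line first.
    tr -s ' \t' '\n' |
    # Accept only PREFIX + [host_] + YYYY-MM-DD-HH-MM-SS + .tar.gz, built from
    # a conservative character set, so an odd name never reaches a command.
    grep -E "^${prefix}[A-Za-z0-9._-]*[0-9]{4}(-[0-9]{2}){5}\.tar\.gz$" |
    # Put the timestamp in front so the sort is by time, not by host name.
    sed -E 's/^.*([0-9]{4}(-[0-9]{2}){5})\.tar\.gz$/\1 &/' |
    LC_ALL=C sort | tail -n 1 | cut -d ' ' -f 2
}

# fetch_commands NODE_LS CLUSTER_LS
# Prints the sftp "get" commands for the newest bundle of each kind, using the
# directory names from the session above.
fetch_commands() {
    node=$(printf '%s\n' "$1" | latest_bundle htkc_dbginfo_)
    cluster=$(printf '%s\n' "$2" | latest_bundle htkc_cluster_dbginfo_)
    [ -n "$node" ] && printf 'get support/logs/node_logs/%s\n' "$node"
    [ -n "$cluster" ] && printf 'get support/logs/cluster_logs/%s\n' "$cluster"
    return 0
}

# Constructed sample listings: the 2019-07-03 names come from the session
# above, every other entry is made up for this example.
NODE_LS='htkc_dbginfo_zz-9.domain.mycompany.com_2019-01-01-00-00-00.tar.gz
htkc_dbginfo_kc-250.domain.mycompany.com_2019-06-30-08-00-00.tar.gz  notes.txt
htkc_dbginfo_kc-250.domain.mycompany.com_2019-07-03-21-27-57.tar.gz'
CLUSTER_LS='htkc_cluster_dbginfo_2019-07-01-10-00-00.tar.gz
htkc_cluster_dbginfo_2019-07-03-21-29-11.tar.gz    '

fetch_commands "$NODE_LS" "$CLUSTER_LS"
```

The printed `get` lines can be entered at the `sftp>` prompt from the login directory.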