Using the Restricted Shell

The restricted support login provides a limited SSH-accessible shell in which the KeyControl administrator can gather diagnostic information. It is disabled by default.

  1. Log in as root on a server hosting one of the KeyControl nodes in the cluster.

    KeyControl displays the System Console Menu TUI (Text-based User Interface).

  2. Select Manage Support Accounts and press Enter.
  3. On the HyTrust SecureOS Manage Support Accounts page, select Enable and set password for Restricted Support Login and press Enter.
  4. Select OK and press Enter to confirm the request.
  5. On the Change Restricted Support password page, enter the password for the restricted shell. When you are done, select OK and press Enter.

    The HyTrust SecureOS Manage Support Accounts page should show that Restricted support login is now enabled.

  6. Use SSH to log in to port 6666 on the KeyControl node. The username is support and the password is the one you set in step 5. For example:

    $ ssh -p6666 support@keycontrol1

  7. Enter the onhost command with any of the following arguments:

    Command    Description
    ps         Process status.
    ls         List directory contents.
    df         Display free space.
    iostat     Report I/O statistics.
    netstat    Show network status.
    procstat   Get detailed process information.
    logbundle  Generate support log bundle. The additional options are:

               • --cores — Include the KeyControl core files.
               • --no-audit — Do not include the audit log.
               • --passphrase=secret — Encrypt the bundle with an AES 256-bit key using the provided passphrase.

    For example, to display the free disk space, you would enter:

    # onhost df

    To create a log bundle that is encrypted with the password Hytrust123! and that does not include the audit log, you would enter:

    # onhost logbundle --no-audit --passphrase=Hytrust123!