Chapter 3: InCenter Access

This chapter describes how the InCenter server can be accessed for InCenter system management (for host OS access see Section 17.1, Host OS CLI Access). The access methods available for the InCenter system are the following:

The above methods are discussed in detail in the sections that follow.

As mentioned previously in Chapter 2, Installation, the InCenter system CLI cannot be accessed via the virtual machine console. Only the host operating system CLI can be accessed in this way. InCenter CLI access is only possible using SSH.

Changing the Management IP Address and Using IPv6

The IP address used for connection to InCenter can be changed using a host operating system script called staticIP.sh, which is provided in the InCenter software installation package. Using the script is described in Section 17.9, Scripts.

Wherever IPv4 addresses are used in InCenter, IPv6 addresses can be used instead. This includes management access. However, IPv6 addresses can only be used if the related Ethernet interface is allocated an IPv6 address using the staticIP.sh script.

3.1. SSH Access to the CLI

To access the InCenter CLI, use an SSH client (several third party clients are available, both open source and commercial) and connect to the InCenter server.

Note: Supported SSH and SFTP clients

InCenter supports the following client versions for SSH and SFTP access:

  • PuTTY versions 0.61 to 0.64.

  • OpenSSH versions 6.6 and 7.3.

Initial SSH Access Using Default Credentials

The initial default username and password for the InCenter CLI are always admin and admin (note that these differ from the credentials for host OS access, which is described in Section 17.1, Host OS CLI Access). It is recommended that the administrator changes the password for the admin user account as soon as possible.

The IP address for SSH access is always displayed in the console of the virtual machine when InCenter starts and the port number for access is always the standard SSH port number of 22 (this number cannot be changed).

Assume that the management IP address is 192.168.98.14. A typical login sequence using an SSH client console would be the following:

login as: admin
admin@192.168.98.14's password: admin
------------------------------------------------------------
Welcome to the InCenter CLI
Logged in as: Default admin user
------------------------------------------------------------
admin@InCenter:/>

The final prompt indicates that the InCenter CLI is now available. The first thing to do is add a Clavister Next Generation Firewall so that it becomes controlled by InCenter. This is explained in the next section.

Note: The admin password must be changed

After logging in for the first time and making any configuration change, the default behavior is that the system requires the admin password to be changed to a stronger password before allowing a second login. This behavior is explained further in Section 9.3, User Password Policy.

Customizing SSH Parameters

It is possible to customize the parameters for SSH connection through the CLI. For example, to change the SSH timeout, the commands would be the following:

admin@InCenter:/> cc Settings
admin@InCenter:/Settings> set SSH SessionTimeout=60

The following SSH properties can be changed in the same way:

  • Enabled - If SSH based management access is allowed. Default value: True

  • SessionTimeout - Number of minutes of inactivity before a timeout. Default value: 20

  • MaxSimultaneousSessions - Simultaneous sessions allowed. Default value: 20

  • AllowCLI - Allow SSH CLI access. Default value: Yes

  • AllowSCP - Allow SCP transfers. Default value: Yes

  • AllowSFTP - Allow SFTP transfers. Default value: Yes

Customizing other aspects of SSH access, such as changing the host key, is discussed in Section 3.6, SSH Server Management.

SSH Access Using Public Key Authentication

Instead of using username and password credentials, it is possible to set up SSH access to InCenter using public key authentication. This means that a correctly configured SSH client could log into the InCenter CLI automatically and also perform SFTP and SCP operations to InCenter without needing credentials to be entered.

To set this up in InCenter, the following steps are required:

  1. Upload the public key for authentication to InCenter using SCP or SFTP.

  2. Log in to the InCenter CLI using username and password credentials.

  3. The key file for SSH authentication should be in OpenSSH format. Open this file and copy the public key to the system clipboard ready for pasting into the InCenter CLI.

  4. Now, use the user command to set the key. The -id parameter specifies the name of the user and -publicKeys is set to a comma-separated list of one or more SSH keys (copied from the OpenSSH public key file in the previous step) in one set of quotes. For example:

    admin@InCenter:/> user -update -id=admin -publicKeys="<public-key>"

  5. Activate the change.

  6. Set up the SSH client for public key authentication using the private key file that matches the public key uploaded in the first step.
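
The following added example (not part of the InCenter documentation or software) checks OpenSSH public key lines before they are pasted in step 4 and builds the user command shown there. The function names and the all-zero sample key are constructed for illustration; rejecting key comments that contain a comma or double quote is an assumption about how the quoted list is parsed, and the ssh-ed25519 sample says nothing about which key types InCenter accepts.

```python
import base64
import struct

def parse_openssh_pubkey(line):
    """Split one OpenSSH public key line and check the blob matches its declared type."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob_b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(blob_b64, validate=True)  # raises ValueError if malformed
    # The decoded blob starts with a 4-byte big-endian length, then the key type name.
    if len(blob) < 4:
        raise ValueError("key data too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        raise ValueError("declared key type does not match key data")
    return key_type, blob_b64, comment

def build_user_update(user_id, pubkey_text):
    """Build the 'user -update' line from the text of one or more .pub files."""
    keys = []
    for line in pubkey_text.splitlines():
        if not line.strip():
            continue
        if "PRIVATE KEY" in line:
            raise ValueError("private key material must never be pasted into the CLI")
        key_type, blob_b64, comment = parse_openssh_pubkey(line)
        # Assumption: a ',' or '"' in the comment would be ambiguous inside the
        # quoted, comma-separated -publicKeys value, so such keys are rejected.
        if "," in comment or '"' in comment:
            raise ValueError("key comment contains ',' or '\"'")
        keys.append(" ".join(p for p in (key_type, blob_b64, comment) if p))
    if not keys:
        raise ValueError("no public keys found")
    return 'user -update -id=%s -publicKeys="%s"' % (user_id, ",".join(keys))

def constructed_pubkey(comment):
    """Constructed sample: a well-formed ssh-ed25519 line with an all-zero key."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)

if __name__ == "__main__":
    sample = constructed_pubkey("ops@laptop") + "\n" + constructed_pubkey("backup@host")
    print(build_user_update("admin", sample))
```

Run against the real .pub file contents, the output is the line to paste at the admin@InCenter:/> prompt; a ValueError means the input should be fixed before anything is pasted.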