Layer7 API Management

  • 1.  Disable ssgconfig user in CA API Gateway Appliance !!

    Posted May 26, 2017 04:04 AM

    Hello folks,

     

    Is it possible to disable the ssgconfig user and directly access the shell using the root password?

     

    I have to configure Filebeat on the API Gateway, and one remote server has to connect to the CA API Gateway using SSH.

     

    Please suggest.



  • 2.  Re: Disable ssgconfig user in CA API Gateway Appliance !!
    Best Answer

    Posted May 26, 2017 10:59 AM

    If you need to enable SSH access for the root user, update the file /etc/ssh/sshd_config at the line below:

    PermitRootLogin yes

    Save and restart the sshd service:

    service sshd restart

    However, enabling root SSH access is not recommended due to security reasons.



  • 3.  Re: Disable ssgconfig user in CA API Gateway Appliance !!

    Posted May 28, 2017 12:53 AM

    Additionally, you have to add the root account to ssh_allowed_users at /etc/ssh. But it's a strict no to allow SSH access to root, as mentioned earlier by Anand.



  • 4.  Re: Disable ssgconfig user in CA API Gateway Appliance !!

    Broadcom Employee
    Posted May 28, 2017 07:20 PM

    Hello Apoorvkapil,

    I believe you should be able to run Filebeat with a non-root user.

     

    Please keep in mind that enabling the root user will bring extra risk, particularly when the gateway can be accessed from the internet.

     

    (There was a case where the root user was enabled on a gateway on Azure, and the root user was locked because 'someone' attempted to log in as root and failed too many times. The root user could not be unlocked because Azure didn't allow direct access to GRUB. If you have to enable the root user, you may think of key-based authentication.)

     

    Regards,

    Mark
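
A check for the setting discussed in this thread, as an added example that is not part of any post or of the appliance's own tooling: it reads an sshd_config file and reports whether root can log in with a password or with keys only. The function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the global PermitRootLogin setting in an sshd_config.

# Print the effective global value. sshd keeps the first value it reads for
# a keyword, and lines after a Match keyword are conditional, so stop there.
effective_root_login() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
        { sub(/=/, " ") }                        # "Keyword=value" form is allowed
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Map the value to a verdict. without-password is the older spelling of
# prohibit-password (OpenSSH 7.0 and later); both mean key-only root login.
classify_root_login() {
    case "$(effective_root_login "$1")" in
        yes) echo "FAIL: root can log in with a password" ;;
        prohibit-password|without-password) echo "OK: root login is key-only" ;;
        forced-commands-only) echo "OK: root limited to key plus forced command" ;;
        no) echo "OK: root login disabled" ;;
        unset) echo "WARN: not set, default depends on the OpenSSH version" ;;
        *) echo "WARN: unrecognised value" ;;
    esac
}

# Constructed sample configs (not taken from a real appliance).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '# weak: the setting from the thread' 'PermitRootLogin yes' \
    > "$demo_dir/weak.conf"
printf '%s\n' 'PermitRootLogin without-password' 'PasswordAuthentication yes' \
    'Match Address 10.0.0.0/8' '    PermitRootLogin yes' \
    > "$demo_dir/keyonly.conf"
for f in weak keyonly; do
    printf '%s: %s\n' "$f" "$(classify_root_login "$demo_dir/$f.conf")"
done
```

Only the global section is evaluated, so a Match block that re-enables password login for root (as in the second sample) still needs a manual look; where available, `sshd -T` prints the resolved configuration.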



  • 5.  Re: Disable ssgconfig user in CA API Gateway Appliance !!

    Posted Jun 21, 2017 06:47 AM

    Thanks for sharing the case, zhijun.zhang.

    Taking the discussion forward, what will be a good practice (in terms of security and accessibility) if I configure LDAP to authenticate users instead of ssgconfig?

     

    1. Will any user be able to access the API Gateway menus, or will only the root user have the privilege to access the API Gateway main menu?

    2. What will happen if I need to update the API Gateway to any upcoming versions?



  • 6.  Re: Disable ssgconfig user in CA API Gateway Appliance !!

    Posted May 29, 2017 04:58 AM

    Hello Zhijun He, anand.rudran, thanks for your comment.

     

    I have one doubt: if I configure LDAP-based authentication on the API Gateway image, will the LDAP user be able to get access directly to the shell, or do I still need to make changes in the /etc/ssh/sshd_config file?



  • 7.  Re: Disable ssgconfig user in CA API Gateway Appliance !!

    Posted May 29, 2017 05:04 AM

    You may want to try the steps mentioned here in the KB for that:

    Enabling LDAP(S) authentication and authorization for the Gateway configuration menu