4.3 Managing SSH on Storage Servers

You can control remote SSH access to Exadata storage servers. By default, SSH is enabled on storage servers.

Two storage server CELL attributes control remote SSH access:

  • accessLevelPerm: This attribute specifies the default cell access level. This setting applies at all times unless overridden by accessLevelTemp.

  • accessLevelTemp: This attribute specifies a temporary access level for a specified duration. During the specified duration, accessLevelTemp overrides accessLevelPerm. After the specified duration expires, the cell access level reverts to the accessLevelPerm value. This attribute is typically used to enable a scheduled maintenance operation, such as a software update.

The accessLevelPerm and accessLevelTemp attributes permit the following access level settings:

  • remoteLoginEnabled: SSH service is enabled. You can access the cell using SSH or ExaCLI. This is the default value for accessLevelPerm.

  • remoteLoginDisabled: SSH service is disabled.

    If the SSH service is disabled, you can still perform operations on the storage server using ExaCLI, which runs on the database servers and communicates using HTTPS and REST APIs to a web service running on the storage server.

    When you need to perform operations that require remote login to the storage server, you can temporarily unlock the storage server. After the operation is complete, you can relock the storage server.

  • remoteLoginEnabledRootLoginDisabled: SSH service is enabled, but remote root login is not permitted. This setting enables remote SSH access to the storage server using the celladmin and cellmonitor operating system (OS) user accounts while disabling remote root access.

    This setting complements the enhanced default security measures introduced in Oracle Exadata System Software release 26.1.0, which prevent the celladmin and cellmonitor storage server OS users from performing unnecessary and potentially damaging OS commands, either accidentally or maliciously. See Enhanced Default Security Settings for Storage Server Operating System Users.

    Note:

    remoteLoginEnabledRootLoginDisabled may only be specified starting with Oracle Exadata System Software release 26.1.0.

Regardless of the setting, the current access level persists across storage server reboots.

4.3.1 Locking a Cell

You lock a cell by setting its accessLevelPerm attribute to remoteLoginDisabled.

You must use a user that has the privilege to alter the accessLevelPerm attribute.

  1. Grant the necessary privileges to a user.

    On the storage server, run these commands:

    cellcli> create role administrator
    cellcli> grant privilege all actions on all objects all attributes with all options to role administrator
    cellcli> create user celladministrator password=*
    cellcli> grant role administrator to user celladministrator
    
  2. Run ExaCLI as the celladministrator user and run the ALTER CELL command:
    $ exacli -l celladministrator -c exam08cel01
    Password=********
    
    exacli> alter cell accessLevelPerm = remoteLoginDisabled
    

4.3.2 Unlocking a Cell Temporarily

You can unlock a locked storage server, or cell, for a specified time period to perform scheduled maintenance or upgrades that require SSH login to the storage server.

You can specify the start time of a temporary access window and how long it should last by using the ALTER CELL command to set the accessLevelTemp attribute.

The accessLevelTemp attribute includes the following properties:

  • accessLevel: (Mandatory) Specifies the access level using one of the following values:

    • remoteLoginEnabled: SSH service is enabled for all remote logins.

    • remoteLoginDisabled: SSH service is disabled.

    • remoteLoginEnabledRootLoginDisabled: SSH service is enabled, but remote root login is not permitted.

      Note:

      remoteLoginEnabledRootLoginDisabled may only be specified starting with Oracle Exadata System Software release 26.1.0.

  • startTime: Specifies when the access level window starts. The time is specified in the ISO 8601 format: "yyyy-MM-ddTHH:mm:ssZ". You can also specify the keyword now to indicate that the specified access level should start immediately. The default value for this attribute is now.

  • duration: Specifies how long the access level window should last. The default value is 2h (2 hours).

    You can specify the duration as a number of minutes, hours, or days using the following suffixes:

    • m: for minutes. For example, to specify 90 minutes, use 90m.
    • h: for hours. For example, to specify 1 hour, use 1h.
    • d: for days. For example, to specify 3 days, use 3d.

    You can also use composite values. For example, to specify 1 day and 12 hours, use 1d12h.

  • reason: Specifies a reason for changing the access level. For example: "Performing an upgrade". The default value is none.

Note the following:

  • Only one temporary access window is allowed at any time. An error is displayed if you create a new temporary access window when one is currently active.

  • To modify a future temporary access window that is not yet active, run the ALTER CELL command with a new accessLevelTemp setting. In this case, the new setting replaces the previous definition.

  • You can modify an existing temporary access window to change the duration or reason (or both). To do this, run the ALTER CELL command and specify the accessLevelTemp setting using the exact start time that was used to create the existing temporary access window, along with the updated duration or reason (or both).
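The following Python model is an added example, not Oracle software or ExaCLI code. It encodes the accessLevelTemp rules stated above (the m/h/d duration suffixes and composite values, the now keyword and ISO 8601 start time, the 2h and none defaults, the one-window-at-a-time rule, and the override of accessLevelPerm only inside the window) so that an administrator can compute when a planned window ends and whether an ALTER CELL request would be accepted before running it. The function names, the Window class and the timestamps used in the test are assumptions; ExaCLI itself performs its own validation.

```python
"""Model of the accessLevelTemp window rules (added example, not Oracle's code).
Function names, the Window class and sample timestamps are assumptions; the
suffixes, defaults and one-window rule come from the documentation text."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

ACCESS_LEVELS = {"remoteLoginEnabled", "remoteLoginDisabled",
                 "remoteLoginEnabledRootLoginDisabled"}
_UNIT_SECONDS = {"m": 60, "h": 3600, "d": 86400}
_PART_RE = re.compile(r"(\d+)([mhd])")


def parse_duration(text):
    """Parse '90m', '1h', '3d' or a composite such as '1d12h' into a timedelta."""
    if not re.fullmatch(r"(?:\d+[mhd])+", text):
        raise ValueError(f"invalid duration {text!r}: use m, h or d suffixes, e.g. 1d12h")
    seconds = sum(int(n) * _UNIT_SECONDS[u] for n, u in _PART_RE.findall(text))
    return timedelta(seconds=seconds)


def parse_start_time(text, now=None):
    """Parse the startTime property: the keyword 'now' or an ISO 8601 timestamp
    carrying an explicit offset or a trailing Z."""
    if text == "now":
        return now if now is not None else datetime.now(timezone.utc)
    if text.endswith("Z"):
        text = text[:-1] + "+00:00"   # older fromisoformat() rejects a bare Z
    start = datetime.fromisoformat(text)
    if start.tzinfo is None:
        raise ValueError("startTime needs an offset or Z so the window is unambiguous")
    return start


@dataclass(frozen=True)
class Window:
    access_level: str
    start: datetime
    end: datetime
    reason: str


def plan_temp_window(existing, access_level, start_time="now", duration="2h",
                     reason="none", now=None):
    """Return the Window an ALTER CELL accessLevelTemp request would define.
    Rules applied: a request repeating the existing window's exact start time
    modifies that window; a not-yet-active window is simply replaced; any other
    request while a window is active is an error (one window at a time)."""
    if now is None:
        now = datetime.now(timezone.utc)
    if access_level not in ACCESS_LEVELS:
        raise ValueError(f"unknown accessLevel {access_level!r}")
    start = parse_start_time(start_time, now)
    new = Window(access_level, start, start + parse_duration(duration), reason)
    if existing is not None and existing.start != new.start:
        if existing.start <= now < existing.end:
            raise ValueError("a temporary access window is active; delete it with "
                             "accessLevelTemp='' or modify it using its start time")
    return new


def effective_access_level(perm, window, at):
    """accessLevelTemp overrides accessLevelPerm only inside the window."""
    if window is not None and window.start <= at < window.end:
        return window.access_level
    return perm
```

Replaying Examples 4-2 and 4-3 through plan_temp_window shows the 30-minute window ending at 01:31 and, after the extension with the same start time, at 06:01 (-07:00); a request for a fresh window made while that window is active is rejected, matching the documented error.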

Example 4-1 Creating a Temporary Access Window

The following example creates a two-hour temporary access window that starts immediately. The command uses the default values for start time and duration.

exacli> ALTER CELL accessLevelTemp=((accessLevel="remoteLoginEnabled", -
                   reason="Quarterly maintenance"))

Example 4-2 Creating a Temporary Access Window in the Future

The following example creates a 30-minute temporary access window beginning on June 20, 2026, at 1:01 AM.

exacli> ALTER CELL accessLevelTemp=((accessLevel="remoteLoginEnabled", -
                   startTime="2026-06-20T01:01:00-07:00",              -
                   duration="30m",                                     -
                   reason="Quarterly maintenance"))

Example 4-3 Extending a Temporary Access Window

The following example extends the temporary access window created in the previous example to 5 hours. Note that the start time must match the window that is being adjusted.

exacli> ALTER CELL accessLevelTemp=((accessLevel="remoteLoginEnabled", -
                   startTime="2026-06-20T01:01:00-07:00",              -
                   duration="5h",                                      -
                   reason="Quarterly maintenance window extended to 5 hrs"))

Example 4-4 Deleting a Temporary Access Window

The following example deletes the temporary access window. If the temporary access window is currently active, it is closed immediately and the access level is set back to the permanent access level. If the temporary access window is in the future and not yet active, it is canceled.

exacli> ALTER CELL accessLevelTemp=''

4.3.3 Unlocking a Cell Permanently

You can unlock a cell by setting its accessLevelPerm attribute to remoteLoginEnabled.

You must use a user that has the privilege to alter the accessLevelPerm attribute.

  1. Start ExaCLI as a user that has the privilege to alter the accessLevelPerm attribute.

    For example:

    $ exacli -l celladministrator -c exam08cel01
    Password=********
    
    exacli>
  2. Run the ALTER CELL command to set the accessLevelPerm attribute to remoteLoginEnabled.

    For example:

    exacli> alter cell accessLevelPerm=remoteLoginEnabled
    Cell exam08cel01 successfully altered

4.3.4 Checking the Current Access Level for a Cell

View the accessLevelPerm and accessLevelTemp attributes for a cell to determine the current access level.

  • To see what the current access level is, use the LIST CELL command.
    exacli> LIST CELL ATTRIBUTES name,accessLevelPerm,accessLevelTemp

4.3.5 Access Level Alerts from the Management Server

A stateless alert is generated when the accessLevelPerm attribute is modified.

A stateful alert is generated when the accessLevelTemp window is created. An alert email is sent out when the accessLevelTemp window is activated. The alert is cleared when the window expires.

4.3.6 Managing SSH Equivalence for Storage Server OS Users

Starting with Oracle Exadata System Software release 26.1.0, Exadata administrators can configure SSH equivalence for the celladmin and cellmonitor storage server operating system (OS) user accounts using CellCLI commands. This capability removes the requirement for root access to configure SSH equivalence and complements the ability to disable root SSH access.

To configure SSH equivalence for a storage server OS user account, use the CellCLI CREATE SSHEQUIVALENCE command. The command requires two arguments:

  • LOGINUSERNAME: Specifies the storage server OS user account, either celladmin or cellmonitor.

  • PUBLICKEY: Specifies the public key to associate with the specified storage server OS user account.

For example:

CellCLI> CREATE SSHEQUIVALENCE LOGINUSERNAME=celladmin,PUBLICKEY="ssh-rsa
AAAAB3NzaC1yc2EAAA...ADAQABAAACAQDgFUOhS"
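Because the PUBLICKEY value is bound to a privileged OS account, it is worth checking what is pasted before the command is run: a key that is truncated (as in the abbreviated example above), copied from a private key file, or labelled with a type that does not match its key material will either be rejected or fail to authenticate. The following Python pre-flight check is an added example, not Oracle or CellCLI code. It validates an OpenSSH public-key line (the base64 blob decodes, and the length-prefixed type string inside the blob matches the declared type), restricts LOGINUSERNAME to the two values the text permits, and assembles the CREATE SSHEQUIVALENCE command. The function names, the list of accepted key types and the constructed sample key are assumptions.

```python
"""Pre-flight check for the PUBLICKEY argument of CREATE SSHEQUIVALENCE (added
example, not Oracle's code). Function names, accepted key types and the
constructed sample key are assumptions; the permitted LOGINUSERNAME values
(celladmin, cellmonitor) come from the documentation text."""
import base64
import binascii
import struct

ALLOWED_LOGIN_USERS = {"celladmin", "cellmonitor"}
# OpenSSH key types commonly accepted by sshd; adjust to local policy (assumption).
ALLOWED_KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
                     "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def parse_public_key(line):
    """Validate one OpenSSH public-key line: '<type> <base64-blob> [comment]'.
    Returns (key_type, base64_blob). Rejects private-key text, truncated or
    edited base64, and blobs whose embedded type differs from the declared one."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    key_type, blob_b64 = parts[0], parts[1]
    if key_type not in ALLOWED_KEY_TYPES:
        raise ValueError(f"unsupported or malformed key type {key_type!r}")
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except (binascii.Error, ValueError):
        raise ValueError("key material is not valid base64 (truncated or edited?)")
    # SSH wire format: the blob opens with a length-prefixed copy of the type name.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        raise ValueError("embedded key type does not match the declared type")
    return key_type, blob_b64


def build_create_sshequivalence(login_user, public_key_line):
    """Return the CellCLI command text for a validated user/key pair."""
    if login_user not in ALLOWED_LOGIN_USERS:
        raise ValueError(f"LOGINUSERNAME must be one of {sorted(ALLOWED_LOGIN_USERS)}")
    key_type, blob_b64 = parse_public_key(public_key_line)
    # The comment is dropped: only the type and key material belong in PUBLICKEY.
    return (f"CREATE SSHEQUIVALENCE LOGINUSERNAME={login_user},"
            f'PUBLICKEY="{key_type} {blob_b64}"')


def sample_key_line(key_type, raw_key, comment=""):
    """Build a syntactically valid public-key line for offline testing.
    Constructed sample only: raw_key is arbitrary bytes, not a real key."""
    def ssh_string(b):
        return struct.pack(">I", len(b)) + b
    blob = ssh_string(key_type.encode("ascii")) + ssh_string(raw_key)
    line = f"{key_type} {base64.b64encode(blob).decode('ascii')}"
    return f"{line} {comment}" if comment else line
```

Run the check against the key file that will be handed to CellCLI; only a line that passes parse_public_key should be placed in PUBLICKEY, and the login user should be typed exactly as celladmin or cellmonitor.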

At any time, Exadata administrators can view existing SSH equivalence configuration details using the LIST SSHEQUIVALENCE command.

For example:

CellCLI> LIST SSHEQUIVALENCE attributes loginusername,publickey
CellCLI> LIST SSHEQUIVALENCE where loginusername=celladmin

If required, configuration details for SSH equivalence can be removed from a storage server using the DROP SSHEQUIVALENCE command.

For example:

CellCLI> DROP SSHEQUIVALENCE where loginusername=cellmonitor
CellCLI> DROP SSHEQUIVALENCE ALL