4.3 Disabling SSH on Storage Servers
If required, you can lock the storage servers to block SSH access. By default, SSH is enabled on storage servers.
If SSH access is blocked, you can still perform operations on the storage server using ExaCLI, which runs on the database servers and communicates using HTTPS and REST APIs to a web service running on the storage server.
When you need to perform operations that require you to log in to the storage server, you can temporarily unlock the storage server. After the operation is complete, you can relock the storage server.
Two CELL attributes control storage server locking:
- accessLevelPerm: This attribute specifies the access level at which the cell runs by default. It is either remoteLoginEnabled or remoteLoginDisabled.
  - remoteLoginEnabled: SSH service is enabled. You can access the cell using SSH or ExaCLI. This is the default value for accessLevelPerm.
  - remoteLoginDisabled: SSH service is disabled. You can access the cell only through ExaCLI.
- accessLevelTemp: The access level can be changed temporarily for a specified duration. After the duration has expired, the access level reverts back to the accessLevelPerm value. You typically change the cell's access level when the cell needs a software update.
The access level persists across storage server reboots.
- Locking a Cell
  You lock a cell by setting its accessLevelPerm attribute to remoteLoginDisabled.
- Unlocking a Cell Temporarily
  You can unlock a locked storage server, or cell, for a short period of time to perform operations such as maintenance or upgrades that require SSH login to the storage server.
- Unlocking a Cell Permanently
  You can unlock a cell by setting its accessLevelPerm attribute to remoteLoginEnabled.
- Checking the Current Access Level for a Cell
  View the accessLevelPerm and accessLevelTemp attributes for a cell to determine the current access level.
- Access Level Alerts from the Management Server
  A stateless alert is generated when the accessLevelPerm attribute is modified.
Parent topic: Keeping the Oracle Exadata Secure
4.3.1 Locking a Cell
You lock a cell by setting its accessLevelPerm attribute to remoteLoginDisabled.
You must use a user that has the privilege to alter the accessLevelPerm attribute.
4.3.2 Unlocking a Cell Temporarily
You can unlock a locked storage server, or cell, for a short period of time to perform operations such as maintenance or upgrades that require SSH login to the storage server.
You can specify the start time of a temporary access window and how long it should last by using the ALTER CELL command to modify the cell's accessLevelTemp attribute.
Note the following:
- Only one temporary access window is allowed at any time. You will get an error message if you try to create a new temporary access window when one is already in effect. If the temporary access window is not yet active and is in the future, the newly created temporary access window will replace the one that is in the future.
- To modify a temporary access window that is in the future and not yet active, simply run the ALTER CELL command again with the new values.
- To modify a temporary access window that is already in progress (for example, to extend the duration or to change the reason), run the ALTER CELL command again with the updated duration or reason. The command must provide the exact start time of the existing temporary access window to modify. The (start time + duration) must be in the future.
The accessLevelTemp attribute has the following properties:
- accessLevel: (Mandatory) Specifies whether SSH is enabled (remoteLoginEnabled) or disabled (remoteLoginDisabled). You must provide a value for this attribute; there is no default value.
- startTime: Specifies when the specified access level starts. The time is specified in the ISO 8601 format: "yyyy-MM-ddTHH:mm:ssZ". You can also specify the keyword now to indicate that the specified access level should start immediately. The default value for this attribute is now.
- duration: Specifies how long the access level should last. The default value is 2h (2 hours). The duration is specified in the following format:
  - [any number of digits, followed by d (for days)]. To specify 1 day, use 1d.
  - [any number of digits, followed by h (for hours)]. To specify 1 hour, use 1h.
  - [any number of digits, followed by m (for minutes)]. To specify 90 minutes, use 90m.
  You can use combinations of duration values. For example, to specify 1 day and 12 hours, use 1d12h.
- reason: Specifies a reason for changing the access level, for example: performing an upgrade. The default value is none.
Example 4-1 Creating a Temporary Access Window
The following example creates a two-hour temporary access window that starts immediately. The command uses the default values for start time and duration.
exacli> ALTER CELL accessLevelTemp=((accessLevel="remoteLoginEnabled", -
reason="Quarterly maintenance"))
Example 4-2 Creating a Temporary Access Window in the Future
The following example creates a 30-minute temporary access window that will begin on June 20, 2023, at 1:01 AM.
exacli> ALTER CELL accessLevelTemp=((accessLevel="remoteLoginEnabled", -
startTime="2023-06-20T01:01:00-07:00", -
duration="30m", -
reason="Quarterly maintenance"))
Example 4-3 Extending a Temporary Access Window
The following example extends the temporary access window created in the previous example to 5 hours. Note that the start time has to match the window that is being adjusted.
exacli> ALTER CELL accessLevelTemp=((accessLevel="remoteLoginEnabled", -
startTime="2023-06-20T01:01:00-07:00", -
duration="5h", -
reason="Quarterly maintenance window extended to 5 hrs - Joe"))
Example 4-4 Deleting a Temporary Access Window
The following example deletes the temporary access window. If the temporary access window is currently active, it is closed immediately and the access level will be set back to the permanent access level. If the temporary access window is in the future and not yet active, it is canceled.
exacli> ALTER CELL accessLevelTemp=''
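As an added example (not from the Oracle documentation), the following Python helper applies the accessLevelTemp rules described above: it parses the documented duration syntax (digits followed by d, h or m, combinable as in 1d12h), resolves startTime including the now keyword, and rejects a window whose start time plus duration is not in the future, which is the check a maintenance script would want to perform before issuing ALTER CELL. The function names are assumptions; the timestamps in the tests reuse the values from Examples 4-2 and 4-3.

```python
import re
from datetime import datetime, timedelta, timezone

# Duration syntax from the documentation: digits followed by d, h or m,
# combinable as in "1d12h". Anything else (e.g. a bare "30") is rejected.
_DURATION_RE = re.compile(r"^(?:\d+[dhm])+$")
_UNIT_SECONDS = {"d": 86400, "h": 3600, "m": 60}
_ACCESS_LEVELS = ("remoteLoginEnabled", "remoteLoginDisabled")


def parse_duration(text):
    """Convert '90m', '2h' or '1d12h' into a timedelta (helper name assumed)."""
    if not _DURATION_RE.match(text):
        raise ValueError(f"invalid duration: {text!r}")
    parts = re.findall(r"(\d+)([dhm])", text)
    return timedelta(seconds=sum(int(n) * _UNIT_SECONDS[u] for n, u in parts))


def parse_start_time(text, now):
    """Resolve startTime: the keyword 'now' or an ISO 8601 timestamp with offset."""
    if text == "now":
        return now
    if text.endswith("Z"):  # older fromisoformat() does not accept a bare 'Z'
        text = text[:-1] + "+00:00"
    start = datetime.fromisoformat(text)
    if start.tzinfo is None:
        raise ValueError("startTime must carry a UTC offset or 'Z'")
    return start


def plan_window(access_level, start_time="now", duration="2h", now=None):
    """Return the window's bounds and state, applying the documented rules.

    Defaults mirror the attribute defaults (startTime=now, duration=2h).
    Raises ValueError when start + duration is not in the future, the
    condition the documentation states for setting or extending a window.
    """
    if access_level not in _ACCESS_LEVELS:
        raise ValueError(f"invalid accessLevel: {access_level!r}")
    now = now or datetime.now(timezone.utc)
    start = parse_start_time(start_time, now)
    end = start + parse_duration(duration)
    if end <= now:
        raise ValueError("(start time + duration) must be in the future")
    state = "future" if start > now else "active"
    return {"accessLevel": access_level, "start": start, "end": end, "state": state}
```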
4.3.3 Unlocking a Cell Permanently
You can unlock a cell by setting its accessLevelPerm attribute to remoteLoginEnabled.
You must use a user that has the privilege to alter the accessLevelPerm attribute.
4.3.4 Checking the Current Access Level for a Cell
View the accessLevelPerm and accessLevelTemp attributes for a cell to determine the current access level.
4.3.5 Access Level Alerts from the Management Server
A stateless alert is generated when the accessLevelPerm attribute is modified.
A stateful alert is generated when the accessLevelTemp window is created. An alert email is sent out when the accessLevelTemp window is activated. The alert is cleared when the window expires.