The gateway has two user accounts:
Both accounts help in activities related to administrative, configuration, and basic troubleshooting.
Administration User (admin): An admin can access the Gateway Web interface and command-line interface for administration activities.
These activities include credentials configuration, gateway registration, date and time change, and network settings.
This account does not provide shell access to the gateway appliance.
System User (ruser): An ruser can access the gateway command-line interface with
sudoprivileges to do basic troubleshooting activities, such as accessing the gateway log files, ping, and SNMP walk. A system user can also access a gateway directly using key-based authentication.
The default passwords for
ruser accounts are available from the OpsRamp Console. Navigate to Setup, Download, and click Gateway to access password settings.
All users must change the default password during the first login. Passwords can be changed using the command-line interface or the gateway web interface.
Change password using the command line
- Using SSH, log into the gateway command-line interface with your username and password.
- Follow the menu options to change the password.
Change password using the web interface
- From your browser, log into gateway
https://<gatewayip>:5480, using your credential.
- Follow instructions in the web interface to change your password.
All users must change the default password at the first login.
Enable key-based authentication
Key-based authentication is allowed only for the system user. This authentication helps the
ruser to log into the gateway with a private key instead of a password. A public key and a private key combination are used to authenticate the login.
If key-based authentication is enabled for the system user, the password-based login is disabled. Passwords can be reset to the default settings.
Log into your Linux computer and open a terminal.
At the shell prompt and enter:
ssh-keygen -t rsa, which prompts for the key file location.
Press Enter to accept the default location.
Optionally, specify a passphrase to protect your key material.
Press Enter to omit the passphrase. The output of the program is displayed as below.
Enter file in which to save the key (/Users/user1/.ssh/id_rsa): Created directory '/Users/user1/.ssh'. Enter passphrase (empty for no passphrase): Enter the same passphrase, again: Your identification is saved in /Users/user1/.ssh/id_rsa. Your public key is saved in /Users/user1/.ssh/id_rsa.pub.
id_rsa.pubfile and copy the content. Make sure to copy the public key properly without any space at the beginning or end.
In the gateway web user interface, go to the Password page.
Paste the public key in the Provide Public Key box for the Appliance System user.
The gateway is enabled with the key-based login.
Always keep your private key in a safe place to access the gateway as a system user.
Restrict SSH login access
If a user attempts five consecutive logins with invalid credentials, the gateway restricts SSH login for ruser and admin users. The restriction persists for 30 minutes and the gateway user account is locked. During the 30-minute interval, even valid login credentials are not accepted.