Comprehensive data protection for all workloads
Post Reply
pirx
Veteran
Posts: 650
Liked: 98 times
Joined: Dec 20, 2015 6:24 pm
Contact:

[V13] how to get root in ssh session after requ. root and enabling sshd

Post by pirx »

I deployed test v13 appliance yesterday and run into the dns issue like others. I could fix it and appliance is running ok now. During the debug process, I tried to login via ssh to appliance and followed https://helpcenter.veeam.com/docs/vbr/u ... tml?ver=13.
Managing Root Shell Access
If SSH is disabled, you can access only root shell in the Veeam Host Management TUI.
....
If you configured the Security Officer account during the Veeam appliance installation, users with Host Administrator permissions must request temporary access to the root shell. To do this, perform the following steps:
....
If the Security Officer approves the request, access to the root shell will be granted for 8 hours from the first login. The access is not revoked after activity timeouts.
I guess I'm just missing something, but how does veeamadmin get a root shell? I enabled ssh and veeamadmin requested root permissions, veeamso approved. Then I started a fresh ssh session as veeamadmin. But veeamadmin does not have different permissions than before. I can't edit any system files. Is su or sudo command needed (does not work). The documentation stops with how to enable this in UI, but not what to do afterwards.

In Host Admin UI, loggend in as veeamadmin
Your access privileges are elevated to root.

Revoke root privileges now?

Before requesting root access
uid=2000(veeamadmin) gid=2000(veeam-grp-admin) groups=2000(veeam-grp-admin),500(veeam-grp-log),508(veeam-grp-catalog),510(veeam-grp-backup),511(veeam-grp-data),512(veeam-grp-ircache),527(veeam-grp-yararules) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
After requesting root access
uid=2000(veeamadmin) gid=2000(veeam-grp-admin) groups=2000(veeam-grp-admin),500(veeam-grp-log),508(veeam-grp-catalog),510(veeam-grp-backup),511(veeam-grp-data),512(veeam-grp-ircache),527(veeam-grp-yararules) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
HannesK
Product Manager
Posts: 15588
Liked: 3438 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: v13, how to get root in ssh session after requ. root and enabling sshd

Post by HannesK » 1 person likes this post

Hello,
that works by starting the Host Management Console via /opt/veeam/hostmanager/veeamhostmanagertui -> log in again -> enter shell

Best regards
Hannes
Dima P.
Product Manager
Posts: 14939
Liked: 1830 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: [V13] how to get root in ssh session after requ. root and enabling sshd

Post by Dima P. »

Hi pirx,
and run into the dns issue like others. I could fix it and appliance is running ok now.
Could you please clarify which DNS issues you’ve encountered? We want to ensure that the appropriate fix is delivered on time. Thank you!
pirx
Veteran
Posts: 650
Liked: 98 times
Joined: Dec 20, 2015 6:24 pm
Contact:

Re: [V13] how to get root in ssh session after requ. root and enabling sshd

Post by pirx »

DNS settings during deployment were gone after initial install. I'm pretty sure that the ntp servers could be queried during configuration but ntp did not work afterwards. Proxy did not resolve, everything related to dns. Changing dns servers in GUI was not persistent (field was empty after opening config again), I'm not 100% sure about search domains. I checked in cli with nmcli and no dns server was there and in the end I changed it in TUI (IIRC). I guess it's the issue described in FAQ.
Dima P.
Product Manager
Posts: 14939
Liked: 1830 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: [V13] how to get root in ssh session after requ. root and enabling sshd

Post by Dima P. » 1 person likes this post

Got it, thank you for the details. We will fix those issues in the upcoming patch!
Post Reply

Who is online

Users browsing this forum: Baidu [Spider], Bing [Bot], maoneal, restore-helper, Semrush [Bot] and 23 guests