Anchor | ||||
---|---|---|---|---|
|
Include Page | ||||
---|---|---|---|---|
|
Contents
Table of Contents | ||||
---|---|---|---|---|
|
There are several ways to access the Charon-SSP AWS Instance.
SSH Command-Line Access
IBM Cloud Security Overview
Access to an IBM cloud instance can be controlled by
- an external firewall,
- the operating system firewall of the instance,
- IBM-specific security groups, and
- IBM-specific subnet ACLs.
In addition to allowing SSH access, the different firewall levels must be configured to permit at least access to any required license servers.
IBM Cloud Security Groups
Security Groups are associated with a virtual server instance. They have the following characteristics:
- Stateful: once an inbound connection is permitted, return traffic is allowed.
- Only allow rules are possible.
- All rules are considered to determine if traffic should be permitted.
- An instance can have several security groups.
IBM Cloud Subnet ACLs
Subnet ACLs are associated with subnets in a VPC. They have the following characteristics:
- Stateless: inbound and outbound connections must be explicitly allowed.
- Allow and deny rules are possible.
- Rules are processed in sequence.
- One ACL can be assigned to several subnets.
- The default ACL allows all traffic.
Connecting to the Cloud Instance
During the configuration of your instance you should have created a security group allowing at the minimum SSH access to the instance. If this has been done correctly, you can, for example, use SSH from the command-line or from a tool such as PuTTY to access the command-line of the charon user user sshuser (for Charon prepackaged marketplace images) or your custom user (for RPM installations) on the Charon -SSP host instance.
If you select your instance in the instance list and then click on Connect, you will see the instructions for connecting via SSH.
In particular, you will see
...
You will need the following:
- Access to the private key associated with the public key you uploaded during the configuration of the instance.
- The public IP address of the instance.
The following image shows an examplePlease note:
...
- The file permissions of the private key file must be set such that the file is only readable
...
- by
...
- the
...
- user
...
The parameter ServerAliveInterval
will protect the connection from timing out.
Below, you see sample output of a login:
Code Block | ||
---|---|---|
| ||
$ ssh -o ServerAliveInterval=30 -i ./we-test-key2.pem charon@3.81.64.139
Last login: Tue May 21 05:34:33 2019 from myhost.example.com
[charon@ip-172-31-38-252 ~]$ pwd
/home/charon
|
...
Start the Charon-SSP Manager
Start the Charon-SSP Manager using the following command:
...
This will open the login window of the Charon-SSP Manager.
...
...
...
On this tab
- enter the public IP address of your Charon-SSP instance,
- enter the Charon-SSP management password (default: stromasys), and
- enable the SSH tunnel configuration.
...
On this tab
- enter the Charon-SSP user (charon),
- enter the path to the private and public key files (click on the three dots to open a file browser),
- enter the passphrase for the private key if required, and
- adjust the server port (default 22).
...
If the information is correct, the Charon-SSP Manager welcome screen will be displayed:
...
- (e.g.,
...
File transfer using SFTP
The SSH security group definition is also used to allow SFTP access to the Charon-SSP AWS instance. This allows file transfers to and from the Charon-SSP AWS instance. The user for file transfers is the storage user.
To connect to the instance as the user storage, use the following command:
...
Code Block | ||
---|---|---|
| ||
$ sftp -i ./we-test-key2.pem storage@3.81.64.139
Connected to storage@3.81.64.139.
sftp> pwd
Remote working directory: /
sftp> ls
storage |
Connecting with the Charon-SSP Manager
To manage Charon-SSP and the emulated SPARC systems, you must connect to the Charon-SSP AWS instance with the Charon-SSP Manager. The Charon-SSP Manager is the main interface to all important functions of the Charon-SSP software.
Prerequisites:
- The Charon-SSP Manager must be installed on your local system.
- The Security Group on your local system must at least allow SSH access. This allows the built-in SSH tunneling of the Charon-SSP Manger to work. Should you not use SSH tunneling, you must open up additional ports (9091 for the Manager communication, any ports used for the emulated system serial console ports, and ports used for the graphical emulation). However, if the connection runs over the Internet, Stromasys recommends strongly to use SSH tunneling. Otherwise, your Charon-SSP cloud instance and any emulated systems running on it can easily be compromised.
- The public key installed in
.ssh/authorized_keys
of the charon user of the Charon-SSP AWS instance must be copied to the local system. The Charon-SSP Manager needs this key to set up SSH tunneling. - Public IP address of the Charon-SSP AWS instance.
Copy the Public Key to the Local System
To copy the Charon-SSP AWS public key to the local system, perform the following steps:
...
$ cat ~/.ssh/authorized_keys
Copy the content into the paste-buffer.
...
#
chmod 400 <private-key-file>
).- PuTTY uses a different key file format. It comes with tools to convert between its own
.ppk
format and the format of OpenSSH used by the default Linux tools.
There are several ways to connect to your Charon cloud instance using this basic SSH protocol access. Some of them are described in the following sections below.
Child pages (Children Display) | ||
---|---|---|
|
Div | ||
---|---|---|
| ||