...
The following significant changes are introduced in the SBC 07.02.00S400 instances on AWS:
- "root" login from "linuxadmin" is disabled
- "linuxadmin" user "sudo" access tightened:
  - On AMI instance start-up, the "linuxadmin" user will not be in the "sudo" group
  - When any valid license is installed, the "linuxadmin" user will be given sudo access
- Only SSH key login is supported for the "admin" user
- No default passwords for any Linux account on installation:
  - The "linuxadmin" and "admin" users permit only key-based SSH
  - The default "root" user password is removed
  - To use EMA or other services that require passwords, the customer must add a user with a password after the installation/upgrade of the SBC has completed
- Sanity Checking - After AMI Instance Initiation
  - Ensure only the default users are present in the sshd_config file
  - No unexpected users are configured in the "sudo" group
  - Logging in with "ssh" is only available to the "linuxadmin" and "admin" users
  - For any unexpected users configured on the system:
    - All accounts should be locked/removed from /etc/passwd (using "usermod -L")
    - Ensure only whitelisted users are configured in /etc/sudoers.d
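
The ssh and sudo-group checks from the sanity list above, as an added example script (not part of the release note or the product). It assumes sshd_config restricts logins with an AllowUsers directive and that sudo membership is read from an /etc/group-format file; the function names and sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example, not vendor code. Assumptions: sshd limits logins with an
# AllowUsers directive; sudo membership is read from an /etc/group-format file.
ALLOWED_SSH="linuxadmin admin"   # the only users the note permits over ssh
ALLOWED_SUDO="linuxadmin"        # expected in "sudo" only once a license is installed

# Print each word of $1 that is absent from the space-separated allowlist $2.
not_in_list() {
    out=""
    for w in $1; do
        case " $2 " in *" $w "*) ;; *) out="$out $w" ;; esac
    done
    echo $out   # unquoted on purpose: trims the leading space
}

# Users named by AllowUsers in sshd_config-format file $1 (the keyword is
# case-insensitive; a user@host pattern is reduced to its user part).
ssh_allowed_users() {
    awk 'tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) { sub(/@.*/, "", $i); print $i } }' "$1" |
        sort -u | tr '\n' ' '
}

# Members of the "sudo" group in /etc/group-format file $1.
sudo_group_members() {
    awk -F: '$1 == "sudo" { gsub(/,/, " ", $4); print $4 }' "$1"
}

# audit SSHD_CONFIG GROUP_FILE: print findings, return 1 if there are any.
audit() {
    rc=0
    ssh_users=$(ssh_allowed_users "$1")
    if [ -z "$ssh_users" ]; then   # no directive means no per-user restriction
        echo "FAIL: no AllowUsers line in $1, ssh is not limited to: $ALLOWED_SSH"; rc=1
    fi
    extra=$(not_in_list "$ssh_users" "$ALLOWED_SSH")
    [ -z "$extra" ] || { echo "FAIL: unexpected ssh users: $extra"; rc=1; }
    extra=$(not_in_list "$(sudo_group_members "$2")" "$ALLOWED_SUDO")
    [ -z "$extra" ] || { echo "FAIL: unexpected sudo group members: $extra"; rc=1; }
    return $rc
}

# With two arguments, audit those files; with none, audit a constructed sample.
if [ "$#" -eq 2 ]; then audit "$1" "$2"; else
    d=$(mktemp -d)
    printf 'PasswordAuthentication no\nAllowUsers linuxadmin admin svc@10.0.0.5\n' > "$d/sshd_config"
    printf 'root:x:0:\nsudo:x:27:linuxadmin,svc\n' > "$d/group"
    audit "$d/sshd_config" "$d/group" || echo "sample audit: findings above"
    rm -rf "$d"
fi
```

On an instance it would be run as `sh audit.sh /etc/ssh/sshd_config /etc/group`; it does not inspect /etc/sudoers.d or primary-group membership.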
...
- Get the chassis number from the SBC by logging in to the CLI as "admin":
  - ssh -i <admin_pem> admin@<sbc_ip>
  - show table system serverStatus
  - Extract the SERIAL NUM, e.g. EC2655E1-AC17-C688-1C3E-72562BB72000
- Acquire the license from the SalesForce Ribbon Support Portal / the account team.
- SCP the license file onto the SBC as the "linuxadmin" user, using port 2024:
  - scp -i <pem_file> -P 2024 <license_file.xml> linuxadmin@<aws_ip>:/opt/sonus/external
- As the "admin" user, run the CLI "request" command to initially install the license, so that "linuxadmin" gains sudoers permissions:
  - ssh -i <admin_pem> admin@<sbc_ip>
  - request system admin <system_name> license loadLicenseFile bundleName b1 fileName <license_file.xml>
...