Logging in via SSH, Console, or Keyboard
TimeKeeper supports several login and authentication protocols.
A TimeKeeper instance running on VelaSync utilizes local system accounts forweb, SSH and console logins. These accounts can be configured to authenticate with remote tools like RADIUS and TACACS+. This topic covers the specifics of each of these types of logins and how they are authenticated.
As per default, TimeKeeper running on VelaSync permits RS232 console login, and keyboard/monitor access for enabled accounts, but not SSH access.
To enable SSH access:
- Login to the Web UI as “admin”. Then navigate to Configuration > Service & System Management, and under Manage Access, click the Enable SSH button. (If you only see a button Disable SSH, then SSH is already enabled.)
Once this is enabled, logs can be retrieved via SCP, SFTP and similar tools with the ’loguser’ user. It is also possible to SSH into the device and run system monitor tools like ’top’, ’ps’ and other Linux programs.
Users “admin” and “readonly” can also be used on the console or via SSH in addition to the “loguser” user. However, “readonly” and “loguser” accounts must be enabled via the Web UI before they can be used.
To enable the accounts “readonly” and “loguser”:
- Navigate to Configuration > Service & System Management, and under Manage Access, click either corresponding button. This will permit RS232 and keyboard/monitor access but not SSH, unless SSH access is enabled.
All console and SSH logins will authenticate via RADIUS or TACACS+ if TimeKeeper is configured to use those protocols.
Note: For safety reasons, it is strongly recommended that you change the default password for “loguser” immediately.
The default password for "loguser" is: “logaccess”. This applies even if RADIUS or TACACS+ is in use, as TimeKeeper will still fall back to login against the local account if possible when logging in.
The “readonly” and “loguser” accounts are intended for easy log collection via SSH, so that logs can be archived as needed for audit trails.
Standard shell access as “root” is not normally permitted or recommended. Please do NOT enable Enable root login via the Web UI menu Configuration > Service & System Management, unless asked to by Spectracom Technical Support.
Caution: Modifying the configuration by changing console ports, otherwise modifying the Linux kernel, BIOS settings, installed devices or installed software applications may cause problems in performance or correctness. Spectracom Technical Support is not obligated to providing support if such modifications had been made.