DCImanager 6
Documentation
/
DCImanager 6
/
Getting started
/
Access for technical support
en En
es Es
Add to Favorites
Focus mode
Documentation
/
DCImanager 6
/
Getting started
/
Access for technical support

Access for technical support

You can open access to the server with the platform for your technical support specialists. Support staff will be able to connect to the server via SSH.

Managing access

To open access for technical support:

  1. Click in the right-hand menu → System overview tab → enable Technical support access option.
  2. If authorization on the platform is only available from specific IP addresses and a separate user has been created for technical support, ensure that they are permitted access from the required IP addresses (for example, 5.75.187.54 and 116.203.84.40). To do this:
    1. Go to the Users section → User groups tab.
    2. In the line with the name of the group to which the user belongs, click the icon.

    3. Ensure that the IP addresses 82.146.36.193 and 116.203.84.40 are specified in IP addresses for access to the platform. If not, add them and click Save.

When you enable this option, the platform will generate an SSL certificate with a validity of seven days. This certificate will be used for the identification of the support employee. The option will be automatically disabled when the certificate expires, and access to the platform will be closed. If necessary, you can disable this option earlier.

If the platform interface is unavailable

If the platform interface is unavailable (for example, due to platform failures), you can manage access via the script from the ISPsystem repository:

  1. Connect to the server with the platform via SSH.

  2. Download the script:

    curl -O https://download.ispsystem.com/extras/support_access.sh
  3. Run the script:

    • to open access: 

      sh support_access.sh enable

    • to close access: 

      sh support_access.sh disable
If access to the platform was opened with a script, it will not be disabled automatically. To close access, run the script with the disable parameter.

Work logic

When you open access, the platform:

  1. Adds data from the platform configuration file to the /etc/ssh/sshd_config file.
  2. Writes the public SSH key of the technical support to the /etc/ssh/ directory.
  3. Restarts the sshd service.

The cron scheduler keeps track of how long access is open and automatically closes it after seven days.

When you close access, the platform:

  1. Deletes platform data from the /etc/ssh/sshd_config file.
  2. Deletes the public SSH key of the technical support in the /etc/ssh/ directory.
  3. Restarts the sshd service.

Diagnostics

Incoming SSH connections are logged using standard OS tools. To view the connection log, run the command:

journalctl -u ssh