openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
2d159c8e25aa38e0ef37cae24566cd515df9a654
openshift-docs/modules/security-command-line-host-access.adoc

60 lines
2.0 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
//
// * edge_computing/day_2_core_cnf_clusters/security/security-host-sec.adoc
:_mod-docs-content-type: CONCEPT
[id="security-command-line-host-access_{context}"]
= Command-line host access
Direct access to a host must be restricted to avoid modifying the host or accessing pods that should not be accessed. For users who need direct access to a host, it is recommended to use an external authenticator, like SSSD with LDAP, to manage access. This helps maintain consistency across the cluster through the Machine Config Operator.
[IMPORTANT]
====
Do not configure direct access to the root ID on any {product-title} cluster server.
====
You can connect to a node in the cluster using the following methods:
Using debug pod:: This is the recommended method to access a node. To debug or connect to a node, run the following command:
+
[source,terminal]
----
$ oc debug node/<worker_node_name>
----
+
After connecting to the node, run the following command to get access to the root file system:
+
[source,terminal]
----
# chroot /host
----
+
This gives you root access within a debug pod on the node. For more information, see "Starting debug pods with root access".
Direct SSH:: Avoid using the root user. Instead, use the core user ID (or your own ID). To connect to the node using SSH, run the following command:
+
[source,terminal]
----
$ ssh core@<worker_node_name>
----
+
[IMPORTANT]
====
The core user ID is initially given `sudo` privileges within the cluster.
====
+
If you cannot connect to a node using SSH, see link:https://access.redhat.com/solutions/4073041[How to connect to {product-title} 4.x Cluster nodes using SSH bastion pod] to add your SSH key to the core user.
+
After connecting to the node using SSH, run the following command to get access to the root shell:
+
[source,terminal]
----
$ sudo -i
----
Console Access:: Ensure that consoles are secure. Do not allow direct login with the root ID, instead use individual IDs.
+
[NOTE]
====
Follow the best practices of your organization for securing console access.
====
View Git Blame Copy Permalink