All JADAPTIVE Server products have a built-in CLI management shell that is accessible over SSH. We endeavor to make the product as configurable via the CLI as it would be through a web-based interface. This article explains what to do when you log into the CLI for the first time and recommends some configuration options to harden access to the CLI.
1. Logging In
Once you have installed the JADAPTIVE Server you can proceed to log into the system via SSH and configure the builtin Administrators account. The default SSH port for the management CLI is port 2222. You should start a shell using your preferred SSH client logging in as the user 'admin'.
ssh -p 2222 firstname.lastname@example.org
You should be prompted to accept the servers host key
The authenticity of host '[x.x.x.x]:2222 ([x.x.x.x]:2222)' can't be established.
ECDSA key fingerprint is SHA256:N2OIlRRNNBi5+fgA81MTwnDpqEQ+UPPCmdhDz7uHErI.
Are you sure you want to continue connecting (yes/no)?
Type 'yes' to continue. You will then be prompted for the admin's password
Warning: Permanently added '[x.x.x.x]:2222' (ECDSA) to the list of known hosts.
Enter password for admin
The default password is admin. Once you have provided this password you will be prompted to provide a new password. We recommend you use a strong password that includes uppercase, lowercase, numbers, and symbols.
Enter new password for admin
The CLI management shell will now start.
_ _ _ _
(_) __ _ __| | __ _ _ __ | |_(_)_ _____
| |/ _` |/ _` |/ _` | '_ \| __| \ \ / / _ \
| | (_| | (_| | (_| | |_) | |_| |\ V / __/
_/ |\__,_|\__,_|\__,_| .__/ \__|_| \_/ \___|
Type 'help' for a list of commands.
2. Generating a Private Key
Now that you have changed the default password for the admin account we recommend that you generate a private key to use public key authentication for future logins. To generate a new key for admin, simply issue ssh-keygen command in the shell:
The system will then prompt you for a name, and a passphrase to encrypt the key.
Name: Admin Key
Confirm Passphrase: **********
The key is then generated and printed out to the shell. You should copy and paste this into a file on your local machine. The key will not be saved anywhere else, so if you fail to do this you will lose access to the key and will have to generate a new one.
*** IMPORTANT ***
Your private has been created and has been printed below.
There is no other record of the private key on this server.
Therefore please copy this to a safe location or it will be lost.
-----BEGIN OPENSSH PRIVATE KEY-----
-----END OPENSSH PRIVATE KEY-----
3. Uploading an Existing Key
If you have an existing key that you would rather use, then you should upload it using SFTP or SCP. Once uploaded, go back to the shell and use the import-key command. You can upload just the public key or the private key part (the private key will not be stored on the server so you should remove it after importing the key).
The system will then prompt you for a name for this key.
Name: Admin Key
If the key is a private key and is protected by a passphrase you will be prompted to enter the passphrase.
Your key has now been imported.
4. Hardening the SSH Server
We recommend that you turn off password authentication support and only allow users to login using public-key authentication.
To disable password logins, edit the $HOME/conf/jadaptive.properties file, locating the directives below
To prevent all password logins, uncomment the following directive by removing the # at the beginning of the line, and then change the value to false.
If you just want to prevent the admin account from password login, then change the alternative setting:
You will also notice a couple of other commented out properties
Uncomment these to activate. You can change the port as desired, and disable external access if this is required. If you disable external access you will only be able to login to the SSH server using the localhost interface on your server.
You will need to restart the server to make the configuration changes effective.
You are now ready to administer your server securely.