Adding Accounts of Managed Host or Application Resources into Your Bastion Host
A host or application resource may have multiple accounts configured. Each account of a managed host or application resource is considered as a managed resource account. You do not need to enter the username or password when you log in to a managed host using its managed resource accounts.
If no accounts are added for a host or application resource, the Empty account is generated by default. In this situation, when you log in to the host or application resource through your bastion host, a username and password is required.
This topic describes how to add a managed resource account after resources are managed in a bastion host.
Constraints
- Automatic login accounts cannot be configured for Microsoft Edge application resources.
- If the AD domain service is installed on the managed resources, the account to be added is Domain name\Host account username, for example, ad\administrator.
Prerequisites
- You have the operation permissions for the Account module.
- You have added host or application resources.
Adding an Account for a Resource
- Log in to your bastion host.
- Choose Resource > Account in the navigation pane.
- Click New. In the dialog box displayed, configure resource account attributes.
Figure 1 New Account
- Click OK. The newly created account will be displayed in the account list.
Batch Importing Accounts of Managed Resources into Your Bastion Host
To import application server from a file, the file must be in .csv, .xls, or .xlsx format.
- Log in to your bastion host.
- Choose Resource > Account in the navigation pane.
- Click Import in the upper right corner of the page.
Figure 2 Import Account
- Click Download to download the template if no template is available locally.
- Enter the information of accounts according to the configuration requirements in the template file.
Table 2 Template parameters Parameter
Description
Account
(Mandatory) Enter the username of the managed resource account.
Logon Type
Method to log in to the resource.
- This parameter can be set to Auto Login, Manual Login, or Sudo Login.
IS Sudo
Whether to set the account as a sudo account.
- This parameter can be set to Yes or No.
Password
Password of the account for logging in to the resource.
SSH Key
Authentication method that can be configured for SSH hosts.
After the configuration, an SSH key is preferentially used to log in to a related host resource.
Passphrase
Private key sequence mapped to the SSH key.
Oracle Param
This parameter is mandatory for Oracle hosts.
- This parameter can be set to SERVICE_NAME or SID.
- Separate multiple parameter values with commas (,).
SERVICE_NAME or SID
This parameter is mandatory for Oracle hosts.
- Separate multiple parameter values with commas (,).
Login Role
This parameter is mandatory for Oracle hosts.
- This parameter can be set to normal, sysdba, or sysoper.
- Separate multiple parameter values with commas (,).
Database Name
This parameter is mandatory for the DB2 databases.
- Select the database name or instance name.
- Separate multiple parameter values with commas (,).
Instance Name
This parameter is mandatory for the DB2 databases.
- Select the database name or instance name.
- Separate multiple parameter values with commas (,).
Switch From
Sudo account of the host resource.
Switch command
The command to switch over between accounts.
AD Domain
For Radmin application resources, enter the AD domain address.
Description
Brief description of the managed resource account.
Resource
Enter the name of the resource that has been added to the host list or application list.
IP address/domain name
For associated host resources, enter the IP address or domain name of the host resource.
Type
(Mandatory) Enter the protocol type of the host resource or the application type of the application resource.
- Supported host protocols: SSH, RDP, VNC, Telnet, FTP, SFTP, DB2, MySQL, SQL Server, Oracle, SCP, PostgreSQL, GaussDB, and Rlogin.
- Supported application types: Microsoft Internet Explore, Mozilla Firefox for Windows, Google Chrome, VNC Client, SecBrowser, vSphere Client, Radmin, dbisql, Mysql Tool, SQLServer Tool, Oracle Tool, Rlogin, Mozilla Firefox for Linux, DM Tool, KingbaseES Tool, GBaseDataStudio for GBase8a, X11, and Other.
Port
This parameter is mandatory for host resources. Enter the IP address or domain name of the host resource.
Account Group
The account group to which the managed resource account belongs.
- A managed resource account can belong to multiple account groups in the same department. Use a comma (,) to separate every two account groups.
- Only the account group that has been created in the system can be entered.
- Click Upload and select the completed template.
- (Optional) Configure Override existing accounts, which is deselected by default.
- Selected: A managed resource account will be overwritten by the one being imported if both accounts have the same name.
- Deselected: A managed resource account will be skipped when the one being imported and the managed resource account have the same name.
- (Optional) Configure Verify Account, which is selected by default.
- Selected: The account status is verified when it is imported.
- Deselected, the account status will not be verified when it is imported.
- Click OK.
Batch Creating Resource Accounts
You can create resource accounts for multiple hosts at the same time.
- Log in to your bastion host.
- Choose Resource > Host in the navigation pane on the left.
- Select the hosts for which you want to create accounts and choose
.
Only hosts with the same protocol type are supported.
- Enter the account information to be added, as shown in Table 3.
Table 3 Parameters for creating resource accounts in batches Parameter
Description
Login Type
Select the login mode of the created accounts.
- Auto Login
- Manual Login
- CSMS Credentials Login
- Sudo Login
Account
Name of the account. You can specify one.
If the login mode is set to automatic login, this parameter is mandatory.
Password
Password of the account.
SSH Key
This parameter is mandatory if the current account needs to log in to the system using an SSH key.
The RSA private key in PEM or RFC4716 format is supported. After the RSA private key is entered, the SSH key is preferentially used for login.
passphrase
Password of the SSH key. You need to enter the SSH key first. If the SSH key is password-free, you do not need to set this parameter.
CSMS Credentials
This parameter is mandatory only when Login Mode is set to CSMS Credentials Login.
Description
Description of the current account.
A maximum of 128 characters can be entered.
Options
Select an option.
- Overwrite existing account: You can select this to overwrite the existing accounts that have the same usernames as that of accounts your are creating.
- Verify Account: Check whether the added account can be used to log in to the system. This option can be selected only when the automatic login mode is used.
- Confirm the information and click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.