Updated on 2024-06-12 GMT+08:00

Using a Client to Log In to a CBH System

With CBH, your current client-based O&M experience is still useful. You can use an SSH or Microsoft Terminal Services Client (MSTSC) client to directly log in to the CBH system for resource O&M.

  • SSH client logins can be authenticated by static passwords, public keys, SMS messages, mobile OTPs, or OTP tokens.
  • MSTSC client logins can only be authenticated by static passwords.
  • SecureCRT 8.0 or later and Xshell 5 or later are recommended.

Using an SSH Client to Log In to a CBH System

CBH allows you to use an SSH client to log in to your CBH system for authorized resource O&M.

  • Only host resources configured with the SSH, Telnet, or Rlogin protocols can be logged in through an SSH client.
  • SecureCRT 8.0 or later and Xshell 5 or later are recommended.
  1. Start the local SSH client tool and choose File > New to create a user session.
  2. Configure user session connection.

    • Method 1

      In the displayed dialog box, select a protocol type, enter the EIP address and port number (2222) of the CBH instance, and click OK. Enter the login name of your CBH system account and click Connect.

    • Method 2

      In the newly opened blank session window, run a command in the following format: Protocol type User login name@System login IP address Port number, for example, ssh admin@10.10.10.10 2222.

    • Method 3

      In the live session window of a Linux host, run a command in the following format: Protocol type User login name@System login IP address-p Port number, for example, ssh admin@10.10.10.10 -p 2222.

    The system login IP address is the CBH IP address, which can be the private IP address or an EIP. The network connection between the local PC and the IP address is normal.

  3. Authenticate user identities.

    Enter your identity credentials as prompted.

    When an SSH client is used for establishing connections, you can use the Password, SSH Pubkey, SMS, Mobile OTP, and/or OTP Token authentication. To use SMS, Mobile OTP, and OTP token, configure multifactor verification.
    Table 1 SSH client login authentication

    Authentication Method

    Login Description

    Configuration Description

    Password

    Enter the username and password of your CBH system user account.

    Default login mode.

    The login passwords in the AD, RADIUS, LDAP, or Azure AD authentication are the passwords of users on the remote server.

    SSH Pubkey

    Enter the private key and private key password for login authentication. After the login authentication is successful, next time the user can log in to the system over the SSH client without entering the password.

    You need to generate a public and private key pair for login verification and add the SSH public key to the CBH system in the Profile center.

    SMS

    In SMS authentication, enter the Password or SSH Pubkey and the SMS verification code you will receive to complete the login authentication.

    An available phone number has been configured for the account.

    Mobile OTP

    In Mobile OTP authentication, enter the Password or SSH Pubkey and the OTP token to complete the login authentication.

    NOTE:

    Ensure that the CBH system time is the same as the mobile phone time (accurate to the second). Otherwise, a message indicating that the verification code is incorrect will be reported.

    Bind your system user account to a mobile OTP and contact the administrator to configure multi-factor authentication for this account.

    OTP token

    After the Password or SSH Pubkey login is authenticated, select OTP token and enter the verification code.

    An OTP token has been issued to the user.

  4. After logging in to the CBH system, you can view system information and start O&M operations.

    You can also use an API to directly log in to a managed host.

    Enter the username in the format of Username@Resource account@Host IP address:Port, for example, admin@root@192.0.0.0:22.

Accessing a CBH system through Microsoft Terminal Services Client (MSTSC)

CBH allows you to use an MSTSC client to log in to authorized resources for O&M.

  1. Open the MSTSC dialog box.
  2. In the displayed dialog box, enter the CBH information in the Computer text box in the format of CBH IP address: 53389.

    Figure 1 Configuring the computer

  3. Click Connect and provide the following information to complete the login:

    • Username: Enter Login Name of the CBH user@Windows host resource account@Windows host resource IP address:Windows remote port (3389 by default), for example, admin@Administrator@192.168.1.1:3389.

      The Windows host resource account must be a resource account that has been added to CBH and the login mode must be automatic login, or the resource account cannot be identified and O&M audit files cannot be generated. Real-time session O&M is not supported.

    • Password: Enter the password of the CBH user.