Shell Access Does Not Work as Expected

Asset ID:	1-72-2201794.1
Update Date:	2017-05-17
Keywords:

Solution Type Problem Resolution Sure

Solution 2201794.1 : Shell Access Does Not Work as Expected

Applies to:

Acme Packet 6300 - Version S-Cz7.1.2 and later
Acme Packet Legacy Platform Software - Version S-Cz7.1.2 and later
Acme Packet 4600 - Version S-Cx6.2.0 and later
Acme Packet 4500 - Version S-Cx6.2.0 and later
Acme Packet 3820 - Version S-Cx6.2.0 and later
Information in this document applies to any platform.

Symptoms

Users cannot access shell.

Attempt to enable shell access with debug-enable command, but once set and attempt to access shell is made, the error below is seen.

#debug-enable
#Password:
WARNING: This command enables a series of debugging commands on the system
This should only be done under guidance from Oracle|Acme Packet Personnel
Please enter a password that will be required for every invocation of the
various debugging commands, and to re-invoke this command. Note that there
will be no way to recover this password or use the protected commands should
the password be forgotten

New Password:
Confirm Password:

Password appears to be modified successfully, yet:

#shell
Shell access is disabled on this Session Director

Cause

Either the Admin Security license or the Admin Security with APC/NNC feature has been enabled when provisioning entitlements.
The Admin Security license will not allow shell access.

Solution

From the Admin Security Guide:

This section describes implications of installing and deleting the Admin Security license and the Admin Security ACP
license on an Oracle Communications Session Border Controller (SBC). These licenses enable the various security enhancements described in this document. In the absence of an AdminSecurity or Admin Security ACP license, these enhancements are not available.

As with any other license, an activate-config command must be executed after license installation for all changes to
take effect. Certain ACLI aspects, such as login and password change prompts, change immediately after license
installation.

These two licenses relate as follows:

1. Both licenses can exist together or separately on an SBC.

2. Removal of either or both licenses does not make available the protected areas of the system. This ensures that a system cannot be compromised by simply removing the Admin Security license(s).

Note: The Admin Security or the Admin Security ACP feature sets are not intended for all customer use. Consult your Oracle representative to understand the ramifications of enabling these features.

Note: Once the Admin Security or the Admin Security with ACP entitlement is provisioned, it can not be removed from the system in the field; your chassis must be returned to Oracle for replacement.

The last note is important. If provisioned, then the action cannot be undone and shell access will not be possible.

This can be verified when rebooting with a console connection, the following information can be seen relating to the Admin Security license:

Bringing up shell...
password secure mode is enabled
Admin Security is enabled

If the Admin Security or the Admin Security with ACP entitlement is provisioned, it can not be removed from the system in the field. This chassis must be returned to Oracle for replacement.

Attachments

This solution has no attachment