Accessing the Management Host Securely
On Roving Edge devices, you can use serial console commands to connect securely to the management host.
Secure host access over the serial console is typically used for troubleshooting and support, when external interfaces are unavailable. An Oracle representative can log in to the Roving Edge device management host using a generated certificate and key pair, also called a day pass. Alternatively, they may provide the credentials to you and walk you through the necessary commands to resolve the problem or collect diagnostic data for further analysis. All operations are logged for audit purposes.
Create a secure connection as follows:
- Connect to the serial console. See Operating the Serial Console.
- If the serial console screen is locked, enter the passphrase to access the menu.
- In the Roving Edge Device main menu, select Advanced Menu.
- Select Admin Management.
- Select Secure Host Access > SSH over Serial Port. Follow the instructions in the terminal output. Copy the SSH command.

    Disconnect from this terminal session and start a ssh client using the serial port, like this:
    ssh -o ConnectTimeout=60 -o ProxyCommand="socat - file:/dev/ttyUSB0,raw,echo=0,b115200" localhost
    Tunnel starting in 30 seconds...
    Please start the SSH client before the 30 seconds expire (starting now)!

- Disconnect from the serial console to release the USB port. For example:
  - If you're using minicom: press Ctrl+A Z to display the terminal menu, then press Q to quit without reset.
  - If you're using screen: press Ctrl+A D to disconnect.
- At the prompt on your local machine, paste the SSH command you copied. Include the Roving Edge device credentials provided to you to access the Service CLI.

  In this example, the oracle-support account is used to log in. For authentication, the associated private key and the Oracle-signed certificate are passed with the command.

    $ ssh -o ConnectTimeout=60 -o ProxyCommand="socat - file:/dev/ttyUSB0,raw,echo=0,b115200" \
        -i .ssh/id_rsa_user -i .ssh/id_rsa_user-cert.pub oracle-support@localhost
    [oracle-support@pcamn01 ~]$
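Because the tunnel only waits 30 seconds for the SSH client, it helps to confirm beforehand that the day pass certificate is usable. The following pre-flight check is an added example, not part of the Oracle documentation: it reads the output of `ssh-keygen -L -f .ssh/id_rsa_user-cert.pub` and verifies the account and validity window. It assumes the day pass is an OpenSSH user certificate with a limited validity period; the function names and the sample listing are constructed for illustration.

```shell
# check_daypass: read `ssh-keygen -L -f <cert>` output on stdin and decide
# whether the certificate can log in as the given account right now.
#   $1 = account expected among the certificate principals
#   $2 = current local time, YYYY-MM-DDTHH:MM:SS (defaults to the clock)
# Prints a one-line verdict; returns 0 only when the certificate is usable.
check_daypass() {
  awk -v want="$1" -v now="${2:-$(date +%Y-%m-%dT%H:%M:%S)}" '
    /^[ \t]*Type:/ && /user certificate/ { user = 1 }
    /^[ \t]*Valid:/ {
      # Forms: "forever", "after T", "before T", "from T to T".
      seen = 1; from = ""; to = "forever"   # sentinels sort around any timestamp
      for (i = 2; i < NF; i++) {
        if ($i == "from" || $i == "after") from = $(i + 1)
        if ($i == "to" || $i == "before")  to = $(i + 1)
      }
    }
    /^[ \t]*Principals:/ { inp = 1; next }
    inp && /^[ \t]*[A-Za-z ]+:/ { inp = 0 }   # next section header ends the list
    inp { gsub(/^[ \t]+|[ \t]+$/, ""); if ($0 == want) ok = 1 }
    END {
      # ISO 8601 timestamps of equal width compare correctly as strings.
      if (!user)                 { print "not an OpenSSH user certificate"; exit 1 }
      if (!ok)                   { print "principal " want " not listed"; exit 1 }
      if (!seen)                 { print "no validity line found"; exit 1 }
      if ((now "") < (from ""))  { print "not valid before " from; exit 1 }
      if ((now "") >= (to ""))   { print "expired at " to; exit 1 }
      print "ok until " to
    }'
}

# Constructed sample of `ssh-keygen -L` output (fingerprints are placeholders).
sample_cert_listing() {
  cat <<'EOF'
.ssh/id_rsa_user-cert.pub:
        Type: ssh-rsa-cert-v01@openssh.com user certificate
        Public key: RSA-CERT SHA256:PLACEHOLDER-USER-KEY
        Signing CA: RSA SHA256:PLACEHOLDER-CA-KEY (using rsa-sha2-512)
        Key ID: "constructed-day-pass"
        Serial: 1
        Valid: from 2024-05-01T09:00:00 to 2024-05-02T09:00:00
        Principals: 
                oracle-support
        Critical Options: (none)
        Extensions: 
                permit-pty
EOF
}

sample_cert_listing | check_daypass oracle-support 2024-05-01T12:00:00
```

With a real day pass, pipe `ssh-keygen -L -f .ssh/id_rsa_user-cert.pub` into `check_daypass oracle-support` before selecting SSH over Serial Port on the device.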