Note: Please go to docs.rightscale.com to access the current RightScale documentation set. Also, feel free to Chat with us!
Home > FAQs > Why do servers tag themselve differently (rs login:state=) depending on the version of the MCI used

Why do servers tag themselve differently (rs login:state=) depending on the version of the MCI used

Table of Contents
  1. Background
  2. Answer

Background

Why do servers tag themselve different depending on the version of the MCI used like rs_login:state=restricted and rs_login:state=active

Answer

This is part of the Manage login security policy which was introduced in RightLink 5.8. It requires users to SSH in as a non-privileged user and to use "sudo" if they want to run commands as root. With Managed Login 2.0, the server should tag themselves to distinguish that they are using RL 5.8. Instances that are using images with RL 5.8 which are capable of supporting rightscale@hostname logins should tag themselves with rs_login:state=restricted.

When a user clicks the dashboard SSH button, he will connect as rightscale@server-xyz. We use the OpenSSH key option field and a new rs_thunk command to "thunk" into the correct user context depending on the specific public key that is used for auth.

On RL 5.6 and earlier, instances are tagged with rs_login:state=active and users connect as root@hostname.

You must to post a comment.
Last modified
21:30, 16 May 2013

Tags

Classifications

This page has no classifications.

Announcements

None

Powered by MindTouch ®

© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.