StoredSafe System Administration Guide

System administration is mainly done on the system console connected to the StoredSafe appliance, it is possible to enable remote login over SSH, but for security reasons it’s use is discouraged unless absolutely necessary, such as when a HA pair is geographically dispersed.

Conventions used

Press Q to exit from one menu to another. If you press Q from the top level menu Main, you will be logged out from the Console.

Any prompts with text contained between angle brackets, such as Confirm (y/<N>)?, will indicate the standard answer if just a return is entered.

Logon to the System Console

Logon to the system console as the user storedsafe, the initial password is changeme.

StoredSafe recommends you change the default password to a strong password using the 2 supplied yubikeys for this purpose.

If the default password has been changed according to the StoredSafe recommendations, you will have 2 yubikeys containing the password for the storedsafe user. This is to make it possible to facilitate “Dual Control”, since each yubikey contains one piece of the password needed to authenticate as the storedsafe user. Typically one key is given to the CIO and the other key to the CSO.

On the console, press return a couple of times until you see a login: prompt. Enter storedsafe at the login prompt and at the Password: prompt insert the first yubikey (marked Console login 1 and press the button on the yubikey, remove the first yubikey and insert the second yubikey marked Console login 2. The second key is programmed to emit a 32 character long password and finally transmit a return.

Console Menu

As soon as you have logged in you will see the initial StoredSafe console application, with the following options:

┌────────────────────────────────────────────────────────────────────────────┐
│           StoredSafe Console on node1 (Version 2.x.x build xxxx)           │
└────────────────────────────────────────────────────────────────────────────┘

┌─┬──────────────────────────────────────────────────────────────────────────┐
│1│User Management                                                           │
│2│System Settings                                                           │
│3│Module Settings                                                           │
│4│Provisioning                                                              │
└─┴──────────────────────────────────────────────────────────────────────────┘

Move the cursor or enter a it's corresponding number (Q to Quit)

Main>

Note

You can either navigate with the arrow keys on the keyboard or use the keyboard shortcut to select a menu item. In the example above, pressing the digit 2 on the keyboard takes you directly to the System Settings menu.

Note

Pressing Q in sub-menus will always bring you up one level in the menu hierarchy. At the top level, it will offer you to log out.

• User Management
  • User Information
  • Vault Information
  • Replace a lost Yubikey for a user
  • Password policy for user login passphrases
  • Key Escrow Management
  • Undelete Vault or Objects
  • Recover Disk Space
  • Search the Audit Log
• System Settings
  • Network Settings
  • GUI Settings
  • Backup Management
  • Storage Management
  • Service Management
  • Firmware Management
  • Database Maintenance
  • Appliance Management
• Module Settings
  • RADIUS Module
• Provisioning
  • Provisioning Wizard
  • Manage Service accounts
  • Generate new SSH host keys
  • Manage Web Server Settings
  • Manage 2-factor settings
  • Install new System features
  • Enable or Disable System install script
  • StoredSafe License