H.5 Enabling SSH On A Secondary Network Interface Card For Audit Vault Server

Use this procedure to enable SSH on a secondary network interface card.

To enable and configure SSH on a secondary network interface card, follow these steps:

  1. Enable the secondary Network Interface Card.
  2. Execute the following commands to open the appliance configuration file:

    cp /usr/local/dbfw/etc/dbfw.conf /usr/local/dbfw/etc/dbfw.conf.backup

    vi /usr/local/dbfw/etc/dbfw.conf

  3. Scroll down to the end of the file, below the new SECONDARY_NIC_ keys and add the following to enable incoming SSH connections from all addresses:

    # Enable SSH on eth1.

    SECONDARY_NIC_1_SSH="all"

    Note:

    This step is optional. To disable SSH connections on the network interface card, replace all with disabled or with a blank string.

  4. To limit the incoming connections to specific addresses, use a space-separated list of IP addresses as follows:
    SECONDARY_NIC_1_SSH="<IP address 1> <IP address 2>"
  5. The default port for SSH connections is 22. To use a different port number, add the following key and port value as below:
    SECONDARY_NIC_1_SSH_PORT="22222"
  6. Alternatively, append both keys in one step with a here-document, replacing the values as required (the closing EOF line terminates the input):
    cat <<EOF >> /usr/local/dbfw/etc/dbfw.conf
    # Enable SSH on eth1.
    SECONDARY_NIC_1_SSH="all"
    SECONDARY_NIC_1_SSH_PORT="22222"
    EOF
  7. Execute the network configuration code to complete configuring the appliance with the new port specification:

    /usr/local/dbfw/bin/priv/configure-networking

    The following output confirms that a terminal connection through SSH is now possible over the local network through the configured network interface:

    $ ssh -p22222 support@xxx.yyy.yy.zz
    Warning: Permanently added '[xxx.yyy.yy.zz]:22222' (RSA) to the list of known hosts.
    support@xxx.yyy.yy.zz's password:
    Last login: Tue Oct 11 13:11:14 2016 from 10.167.202.82
    [support@avs0800273ab717 ~]$ su -
    Password:
    Last login: Tue Oct 11 13:11:20 UTC 2016 on pts/0
    [root@avs0800273ab717 ~]#
  8. Execute the following command to view the current services listening on the appliance:

    netstat -pean | grep sshd

    The following output verifies that the SSH daemon is listening on the intended interface and port, and shows the established connections:

    tcp 0 0 xxx.yyy.yy.zz:22222 0.0.0.0:* LISTEN 0 1043313 21098/sshd
    tcp 0 0 xx.yyy.yy.zz:22 0.0.0.0:* LISTEN 0 1043315 21098/sshd
    tcp 0 0 xxx.yyy.yy.zz:22222 xxx.yyy.yy.z:42568 ESTABLISHED 0 1100215 24276/sshd
    tcp 0 0 xx.yyy.yy.zz:22 xx.yyy.yy.zz:48340 ESTABLISHED 0 957675 15987/sshd
    unix 3 [ ] STREAM CONNECTED 1100576 24317/sshd
    unix 2 [ ] DGRAM 957849 15987/sshd
    unix 3 [ ] STREAM CONNECTED 957853 15987/sshd
    unix 3 [ ] STREAM CONNECTED 1100577 24276/sshd
    unix 3 [ ] STREAM CONNECTED 957852 16015/sshd
    unix 2 [ ] DGRAM 1100573 24276/sshd
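The procedure above appends keys to dbfw.conf by hand, which leaves duplicate SECONDARY_NIC_1_SSH lines behind if it is repeated, and it relies on reading the netstat output by eye. The following shell script is an added example written for this page; it is not Oracle's code and is not part of the appliance. It validates the SECONDARY_NIC_1_SSH value (all, disabled, blank, or a space-separated list of IPv4 addresses) and the port range before writing, backs up the file, replaces an existing key instead of appending a second copy, and checks netstat-style output for a LISTEN socket on the intended address and port. The sample configuration and netstat lines it operates on are constructed for the example; on a real appliance the CONF path would be /usr/local/dbfw/etc/dbfw.conf, and running /usr/local/dbfw/bin/priv/configure-networking afterwards is still required, as in step 7.

```shell
#!/bin/sh
# Added example, not from the Oracle documentation. Manages the
# SECONDARY_NIC_1_SSH and SECONDARY_NIC_1_SSH_PORT keys in a dbfw.conf-style
# file idempotently and validates the values before writing them.

# validate_ssh_value VALUE: succeed if VALUE is "all", "disabled", empty, or a
# space-separated list of dotted-quad IPv4 addresses with octets 0-255.
validate_ssh_value() {
    val=$1
    case "$val" in
        all|disabled|"") return 0 ;;
    esac
    for ip in $val; do
        echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
        # The regex accepts up to three digits per octet; bound each one to 255.
        oldifs=$IFS; IFS=.
        set -- $ip
        IFS=$oldifs
        for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    done
    return 0
}

# validate_port PORT: succeed if PORT is an integer in 1..65535.
validate_port() {
    echo "$1" | grep -Eq '^[0-9]+$' || return 1
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# set_conf_key FILE KEY VALUE: replace an existing KEY="..." line in place,
# otherwise append one, so re-running never produces duplicate keys.
set_conf_key() {
    file=$1; key=$2; value=$3
    if grep -q "^${key}=" "$file"; then
        sed "s|^${key}=.*|${key}=\"${value}\"|" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    else
        printf '%s="%s"\n' "$key" "$value" >> "$file"
    fi
}

# get_conf_key FILE KEY: print the value of KEY without its surrounding quotes.
get_conf_key() {
    sed -n "s|^${2}=\"\(.*\)\"$|\1|p" "$1"
}

# configure_secondary_ssh FILE ALLOW PORT: validate, back up, then write both keys.
# Returns non-zero and leaves FILE untouched if either value is invalid.
configure_secondary_ssh() {
    conf=$1; allow=$2; port=$3
    validate_ssh_value "$allow" || { echo "invalid SECONDARY_NIC_1_SSH value: $allow" >&2; return 1; }
    validate_port "$port" || { echo "invalid SECONDARY_NIC_1_SSH_PORT value: $port" >&2; return 1; }
    cp "$conf" "$conf.backup"
    set_conf_key "$conf" SECONDARY_NIC_1_SSH "$allow"
    set_conf_key "$conf" SECONDARY_NIC_1_SSH_PORT "$port"
}

# check_listener NETSTAT_OUTPUT ADDR PORT: succeed if the output (as produced by
# "netstat -pean | grep sshd") contains a TCP LISTEN socket bound to ADDR:PORT.
check_listener() {
    addr=$(printf '%s' "$2" | sed 's/\./\\./g')
    printf '%s\n' "$1" | grep -Eq "^tcp +[0-9]+ +[0-9]+ +${addr}:${3} +[^ ]+ +LISTEN"
}

# Stand-alone run against a constructed sample file and constructed netstat lines.
if [ "${CONF:-}" = "" ]; then
    CONF=$(mktemp)
    printf '# constructed sample dbfw.conf\nSECONDARY_NIC_1_SSH="disabled"\n' > "$CONF"
fi
configure_secondary_ssh "$CONF" "192.0.2.20 192.0.2.21" 22222 && cat "$CONF"
# Constructed netstat output for the check (addresses are documentation ranges).
SAMPLE_NETSTAT='tcp 0 0 192.0.2.10:22222 0.0.0.0:* LISTEN 0 1043313 21098/sshd
tcp 0 0 192.0.2.10:22 0.0.0.0:* LISTEN 0 1043315 21098/sshd'
check_listener "$SAMPLE_NETSTAT" 192.0.2.10 22222 && echo "sshd is listening on 192.0.2.10:22222"
```

On the appliance the check would be run as check_listener "$(netstat -pean | grep sshd)" <secondary NIC address> 22222 after configure-networking has applied the file; the listener appearing on the secondary address rather than 0.0.0.0 is what confirms the restriction to the intended interface.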

    See Also: