Use this procedure to enable SSH on a secondary network interface card.
cp /usr/local/dbfw/etc/dbfw.conf /usr/local/dbfw/etc/dbfw.conf.backup
vi /usr/local/dbfw/etc/dbfw.conf
# Enable SSH on eth1.
SECONDARY_NIC_1_SSH="all"
Note:
This is optional. Replace all with disabled or with a blank string. This disables SSH connections on the network interface card.
SECONDARY_NIC_1_SSH=”<IP address 1> <IP address 2>”
22
. To use a different port number, add the following key and port value as below:
SECONDARY_NIC_1_SSH_PORT="22222"
cat <<EOF >> /usr/local/dbfw/etc/dbfw.conf # Enable SSH on eth1. SECONDARY_NIC_1_SSH="all" SECONDARY_NIC_1_SSH_PORT="22222"
/usr/local/dbfw/bin/priv/configure-networking
The following output confirms that terminal connection through SSH is now possible over local network through the configured network interface:
$ ssh -p22222 support@xxx.yyy.yy.zz Warning: Permanently added '[xxx.yyy.yy.zz]:22222' (RSA) to the list of known hosts. support@xxx.yyy.yy.zz's password: Last login: Tue Oct 11 13:11:14 2016 from 10.167.202.82 [support@avs0800273ab717 ~]$ su - Password: Last login: Tue Oct 11 13:11:20 UTC 2016 on pts/0 [root@avs0800273ab717 ~]#
netstat -pean | grep sshd
The following output verifies the established connections configured listening, to the intended interface through the SSH daemon:
tcp 0 0 xxx.yyy.yy.zz:22222 0.0.0.0:* LISTEN 0 1043313 21098/sshd tcp 0 0 xx.yyy.yy.zz:22 0.0.0.0:* LISTEN 0 1043315 21098/sshd tcp 0 0 xxx.yyy.yy.zz:22222 xxx.yyy.yy.z:42568 ESTABLISHED 0 1100215 24276/sshd tcp 0 0 xx.yyy.yy.zz:22 xx.yyy.yy.zz:48340 ESTABLISHED 0 957675 15987/sshd unix 3 [ ] STREAM CONNECTED 1100576 24317/sshd unix 2 [ ] DGRAM 957849 15987/sshd unix 3 [ ] STREAM CONNECTED 957853 15987/sshd unix 3 [ ] STREAM CONNECTED 1100577 24276/sshd unix 3 [ ] STREAM CONNECTED 957852 16015/sshd unix 2 [ ] DGRAM 1100573 24276/sshd
See Also:
A Client Is Unable To Connect To The AVS Using SSH With A Secondary Network Interface Card for more information in case you are unable to connect to the Audit Vault Server through SSH.
Enabling A Secondary Network Interface For Audit Vault Server