000011851 - Enable SSH using the command line on RSA Authentication Manager 8.1 up to 8.3

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Sep 29, 2020
Version 6Show Document
  • Comment0
  • View in full screen mode

Article Content

Article Number000011851
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1, 8.2, 8.3
IssueThis article provides commands to enable or disable SSH to the RSA Authentication Manager server using the command line up to 8.3.
Resolution

Before enabling SSH


You first must connect to the RSA SecurID appliance using a monitor and USB keyboard that is directly connected to the appliance. Access can also be gained from a VMware console. Commands are as follows:

  1. Launch an SSH client, such as PuTTY.
  2. Log in to the primary RSA Authentication Manager server as rsaadmin and enter the operating system password.
  3. When prompted, sudo to root and enter the password again.

During Quick Setup, another username may have been selected. Use that username to log in.




login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system password>
Last login: Mon Feb 12 15:51:57 2018 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@am82p:~> sudo su - root
rsaadmin's password: <enter operating system password>



Enable SSH to the server


Run the following commands to enable SSH:


am82p:~ #chkconfig -f --add sshd
sshd             0:off  1:off  2:off  3:on  4:off  5:on  6:off
am82p:~ # /etc/init.d/sshd start
Checking for missing server keys in /etc/ssh
Starting SSH daemon                                       done
am82p:~ # iptables -A sshd -i eth0 -p tcp --dport 22 -j ACCEPT



Disable SSH to the server


Run the following commands to disable SSH:


am82p:~ #chkconfig -f --del sshd
sshd             0:off  1:off  2:off  3:off  4:off  5:off  6:off
am82p:~ # /etc/init.d/sshd stop
Shutting the listening SSH daemon                       done
am82p:~ # iptables -D sshd -i eth0 -p tcp --dport 22 -j ACCEPT



Enable SSH with one command

With the syntax below, SSH can be shut down then restarted with one command:



/opt/rsa/am/utils/bin/appliance/configureSSH.sh enable <Authentication Manager IP address>




am82p:~ # /opt/rsa/am/utils/bin/appliance/configureSSH.sh enable 192.168.2.50
Shutting down the listening SSH daemon                                                            done
Checking for missing server keys in /etc/ssh
Starting SSH daemon                                                                               done
Saving iptables configuration                                                                     done
Saving iptables configuration                                                                     done
NotesTo check if the sshd service is running, type the command below:

am82p:~ # netstat -atup | grep sshd
tcp        0      0 *:ssh                   *:*                     LISTEN      29516/sshd
tcp        0     64 am82p.vcloud.local:ssh  jumphost.vcloud.l:39030 ESTABLISHED 29070/sshd: rsaadmin
tcp        0      0 *:ssh                   *:*                     LISTEN      29516/sshd
am82p:~ #


Procedure for RSA Authentication Manager 8.4 and above

Because Authentication Manager 8.4 uses the SUSE 12.3 operating system, there is a different procedure than with earlier versions that ran on SUSE 11.4 to enable SSH using the command line.  For the new procedure, see article 000039344 - Enable SSH using the command line on RSA Authentication Manager 8.4 and up
Legacy Article IDa63883

Attachments

    Outcomes