Enable SSH using the command line on RSA Authentication Manager 8.4 and up
Originally Published: 2020-09-25
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.4, 8.5
Issue
Resolution
You first must connect to the RSA SecurID appliance using a monitor and USB keyboard that is directly connected to the appliance. Access can also be gained from a VMware console. Commands are as follows:
- Launch an SSH client, such as PuTTY.
- Log in to the primary RSA Authentication Manager server as rsaadmin and enter the operating system password.
- When prompted, sudo to root and enter the password again.
Login as: rsaadmin Using keyboard-interactive authentication. Password: <enter operating system password> Last login: Mon Sep 22 07:22:45 2020 from jumphost.vcloud.local RSA Authentication Manager Installation Directory: /opt/rsa/am rsaadmin@bharatham85:~> sudo su - root rsaadmin's password: <enter operating system password>
Enable SSH to the server
Run the following commands to enable SSH:rsaadmin@bharatham85:~> sudo systemctl start sshd [sudo] password for rsaadmin: <enter operating system password> rsaadmin@bharatham85:~>
Update iptables
rsaadmin@bharatham85:~> vim /etc/sysconfig/iptablesAdd the following entry.
-A sshd -i eth0 -p tcp --dport 22 -j ACCEPT
Disable SSH to the server.
Run the following commands to disable SSH:
rsaadmin@bharatham85:~> sudo systemctl stop sshd [sudo] password for rsaadmin: <enter operating system password> rsaadmin@bharatham85:~>
Notes
rsaadmin@bharatham85:~> sudo systemctl status sshd
[sudo] password for rsaadmin: <enter operating system password>
● sshd.service - OpenSSH Daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2020-08-06 14:37:12 EDT; 1 months 9 days ago
Main PID: 6826 (sshd)
Tasks: 1
CGroup: /system.slice/sshd.service
└─6826 /usr/sbin/sshd -D
Sep 09 09:19:20 bharatham85 sshd[31210]: Accepted keyboard-interactive/pam for rsaadmin from 192.168.2.102 port 41487 ssh2
Sep 09 13:36:48 bharatham85 sshd[5400]: Accepted keyboard-interactive/pam for rsaadmin from 192.168.2.102 port 47328 ssh2
Sep 10 11:28:29 bharatham85 sshd[31639]: Accepted keyboard-interactive/pam for rsaadmin from 192.168.2.102 port 3386 ssh2
Sep 11 08:01:27 bharatham85 sshd[18316]: Accepted keyboard-interactive/pam for rsaadmin from 192.168.2.102 port 19136 ssh2
Sep 11 11:30:02 bharatham85 sshd[21640]: Accepted keyboard-interactive/pam for rsaadmin from 192.168.2.102 port 22273 ssh2
Sep 14 13:40:01 bharatham85 sshd[20665]: Accepted keyboard-interactive/pam for rsaadmin from 192.168.2.102 port 20971 ssh2
Sep 15 07:50:53 bharatham85 sshd[4777]: Accepted keyboard-interactive/pam for rsaadmin from 192.168.2.102 port 36417 ssh2
Sep 15 08:23:24 bharatham85 sshd[5268]: Accepted keyboard-interactive/pam for rsaadmin from 192.168.2.102 port 36998 ssh2
Sep 15 08:30:08 bharatham85 systemd[1]: Started OpenSSH Daemon.
Sep 15 08:43:12 bharatham85 systemd[1]: Started OpenSSH Daemon.
rsaadmin@bharatham85:~>
Example; iptables - secure shell is enabled:
rsaadmin@bharatham85:~> sudo iptables -L | grep ssh [sudo] password for rsaadmin: <enter operating system password> sshd all -- anywhere anywhere Chain sshd (1 references) ACCEPT tcp -- anywhere bharatham85.vcloud.local tcp dpt:ssh rsaadmin@bharatham85:~>
Example; iptables - secure shell is disabled.
rsaadmin@bharatham85:~> sudo iptables -L | grep ssh [sudo] password for rsaadmin: <enter operating system password> sshd all -- anywhere anywhere Chain sshd (1 references) rsaadmin@bharatham85:~>
Where secure shell access is not enabled in iptables then we can temporarily turn off iptables with the command: sudo systemctl stop iptables
Example:
rsaadmin@bharatham85:~> sudo systemctl stop iptables [sudo] password for rsaadmin: rsaadmin@bharatham85:~> sudo systemctl status iptables [sudo] password for rsaadmin: ● iptables.service - LSB: iptables Loaded: loaded (/etc/init.d/iptables; bad; vendor preset: disabled) Active: inactive (dead) since Wed 2020-01-22 08:56:15 AEDT; 7s ago Docs: man:systemd-sysv-generator(8) Process: 61611 ExecStop=/etc/init.d/iptables stop (code=exited, status=0/SUCCESS) Process: 61590 ExecStart=/etc/init.d/iptables start (code=exited, status=0/SUCCESS) Jan 22 08:55:36 bharatham85 systemd[1]: Starting LSB: iptables... Jan 22 08:55:36 bharatham85 iptables[61590]: Starting iptables ..done Jan 22 08:55:36 bharatham85 systemd[1]: Started LSB: iptables. Jan 22 08:56:15 bharatham85 systemd[1]: Stopping LSB: iptables... Jan 22 08:56:15 bharatham85 iptables[61611]: Stopping iptables ..done Jan 22 08:56:15 bharatham85 systemd[1]: Stopped LSB: iptables. rsaadmin@bharatham85:~>
Related Articles
Enable SSH using the command line on RSA Authentication Manager 8.1 up to 8.3 Number of Views How to SSH to an RSA Authentication Manager version 8.x server Number of Views Enable SSH debug logs for RSA Authentication Manager 8.x Number of Views RSA Authentication Manager 8.2 customized SSH logon banner is not displayed Number of Views Authentication Manager Log Messages (26051-26110) Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
