Article Number
000039344
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.4, 8.5
Issue
This article provides the commands to enable or disable SSH to the RSA Authentication Manager server from the command line on version 8.4 and later.
Resolution
Before enabling SSH
You first must connect to the RSA SecurID appliance using a monitor and USB keyboard that is directly connected to the appliance. Access can also be gained from a VMware console. Commands are as follows:
- Launch an SSH client, such as PuTTY.
- Log in to the primary RSA Authentication Manager server as rsaadmin and enter the operating system password.
- When prompted, sudo to root and enter the password again.
During Quick Setup, another username may have been selected. Use that username to log in.
Login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system password>
Last login: Mon Sep 22 07:22:45 2020 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@bharatham85:~> sudo su - root
rsaadmin's password: <enter operating system password>
Enable SSH to the server
Run the following commands to enable SSH:
rsaadmin@bharatham85:~> sudo systemctl start sshd
[sudo] password for rsaadmin: <enter operating system password>
rsaadmin@bharatham85:~>
Update iptables
rsaadmin@bharatham85:~> sudo vim /etc/sysconfig/iptables
Add the following entry:
-A sshd -i eth0 -p tcp --dport 22 -j ACCEPT
Disable SSH to the server
Run the following commands to disable SSH:
rsaadmin@bharatham85:~> sudo systemctl stop sshd
[sudo] password for rsaadmin: <enter operating system password>
rsaadmin@bharatham85:~>
Notes
To check if the sshd service is running, type the command below:
rsaadmin@bharatham85:~> sudo systemctl status sshd
[sudo] password for rsaadmin: <enter operating system password>
● sshd.service - OpenSSH Daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2020-08-06 14:37:12 EDT; 1 months 9 days ago
Main PID: 6826 (sshd)
Tasks: 1
CGroup: /system.slice/sshd.service
└─6826 /usr/sbin/sshd -D
Sep 09 09:19:20 bharatham85 sshd[31210]: Accepted keyboard-interactive/pam for rsaadmin from 192.168.2.102 port 41487 ssh2
Sep 09 13:36:48 bharatham85 sshd[5400]: Accepted keyboard-interactive/pam for rsaadmin from 192.168.2.102 port 47328 ssh2
Sep 10 11:28:29 bharatham85 sshd[31639]: Accepted keyboard-interactive/pam for rsaadmin from 192.168.2.102 port 3386 ssh2
Sep 11 08:01:27 bharatham85 sshd[18316]: Accepted keyboard-interactive/pam for rsaadmin from 192.168.2.102 port 19136 ssh2
Sep 11 11:30:02 bharatham85 sshd[21640]: Accepted keyboard-interactive/pam for rsaadmin from 192.168.2.102 port 22273 ssh2
Sep 14 13:40:01 bharatham85 sshd[20665]: Accepted keyboard-interactive/pam for rsaadmin from 192.168.2.102 port 20971 ssh2
Sep 15 07:50:53 bharatham85 sshd[4777]: Accepted keyboard-interactive/pam for rsaadmin from 192.168.2.102 port 36417 ssh2
Sep 15 08:23:24 bharatham85 sshd[5268]: Accepted keyboard-interactive/pam for rsaadmin from 192.168.2.102 port 36998 ssh2
Sep 15 08:30:08 bharatham85 systemd[1]: Started OpenSSH Daemon.
Sep 15 08:43:12 bharatham85 systemd[1]: Started OpenSSH Daemon.
rsaadmin@bharatham85:~>
Example: iptables output when secure shell is enabled:
rsaadmin@bharatham85:~> sudo iptables -L | grep ssh
[sudo] password for rsaadmin: <enter operating system password>
sshd all -- anywhere anywhere
Chain sshd (1 references)
ACCEPT tcp -- anywhere bharatham85.vcloud.local tcp dpt:ssh
rsaadmin@bharatham85:~>
Example: iptables output when secure shell is disabled:
rsaadmin@bharatham85:~> sudo iptables -L | grep ssh
[sudo] password for rsaadmin: <enter operating system password>
sshd all -- anywhere anywhere
Chain sshd (1 references)
rsaadmin@bharatham85:~>
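An added check script (not part of the RSA article) that parses the `iptables -L` output shape shown in the two examples above and reports whether the sshd chain accepts TCP port 22; the sample outputs are constructed to match those examples, and the function names ssh_rule_state and describe are this example's own.

```shell
#!/bin/sh
# Exit 0: sshd chain has an ACCEPT rule for dpt:ssh (SSH reachable through iptables).
# Exit 1: sshd chain exists but has no such rule (the article's "disabled" state).
# Exit 2: no sshd chain at all in the listing.
ssh_rule_state() {
    # $1 = text as produced by `sudo iptables -L`
    printf '%s\n' "$1" | awk '
        /^Chain / { in_sshd = ($2 == "sshd"); if (in_sshd) seen = 1; next }
        in_sshd && $1 == "ACCEPT" && $2 == "tcp" && /dpt:ssh/ { found = 1 }
        END { if (!seen) exit 2; if (found) exit 0; exit 1 }
    '
}

describe() {
    rc=0
    ssh_rule_state "$1" || rc=$?
    case $rc in
        0) echo "ssh: allowed by sshd chain" ;;
        1) echo "ssh: sshd chain present, no ACCEPT rule for port 22" ;;
        *) echo "ssh: no sshd chain in iptables" ;;
    esac
}

# Constructed sample listings (hostname taken from the article's examples).
SAMPLE_ENABLED='Chain INPUT (policy DROP)
target     prot opt source               destination
sshd       all  --  anywhere             anywhere

Chain sshd (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             bharatham85.vcloud.local tcp dpt:ssh'

SAMPLE_DISABLED='Chain INPUT (policy DROP)
target     prot opt source               destination
sshd       all  --  anywhere             anywhere

Chain sshd (1 references)
target     prot opt source               destination'

# On a live appliance, feed the real listing instead: describe "$(sudo iptables -L)"
describe "$SAMPLE_ENABLED"
describe "$SAMPLE_DISABLED"
```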
Where secure shell access is not enabled in iptables, iptables can be temporarily turned off with the command:
sudo systemctl stop iptables
Example:
rsaadmin@bharatham85:~> sudo systemctl stop iptables
[sudo] password for rsaadmin:
rsaadmin@bharatham85:~> sudo systemctl status iptables
[sudo] password for rsaadmin:
● iptables.service - LSB: iptables
Loaded: loaded (/etc/init.d/iptables; bad; vendor preset: disabled)
Active: inactive (dead) since Wed 2020-01-22 08:56:15 AEDT; 7s ago
Docs: man:systemd-sysv-generator(8)
Process: 61611 ExecStop=/etc/init.d/iptables stop (code=exited, status=0/SUCCESS)
Process: 61590 ExecStart=/etc/init.d/iptables start (code=exited, status=0/SUCCESS)
Jan 22 08:55:36 bharatham85 systemd[1]: Starting LSB: iptables...
Jan 22 08:55:36 bharatham85 iptables[61590]: Starting iptables ..done
Jan 22 08:55:36 bharatham85 systemd[1]: Started LSB: iptables.
Jan 22 08:56:15 bharatham85 systemd[1]: Stopping LSB: iptables...
Jan 22 08:56:15 bharatham85 iptables[61611]: Stopping iptables ..done
Jan 22 08:56:15 bharatham85 systemd[1]: Stopped LSB: iptables.
rsaadmin@bharatham85:~>