SSH Access SA520W

Hello-
I'm working with a SA520W Security Appliance and having difficulty connecting to an SSH server on the LAN.
I have created an inbound (WAN zone to LAN zone) firewall rule for Service SSH:TCP, Enable Port Forwarding to 22 to the destination LAN IP, but have been unable to connect from any external IP address to the internal SSH server via XShell or PuTTY software. Within the LAN, I'm able to connect successfully.
What am I missing?
Much appreciated.

I assume you are using the built-in service on the device.  Try setting up a custom service and changing your forwarding rule to use your custom service.  If this does not work, call into the SBSC and open a case so we can document the issue.  1.866.606.1866.  You may ask for me, Jason McCord, I will be happy to work with you if I am available.

Similar Messages

  • Mac Mini login GUI not responding (but SSH access OK)

    I have an ongoing intermittent issue with my Mac Mini (running Lion).
    I can see the login GUI but can't login!  Sometimes the mouse pointer moves in response to my trackpad motions but the "click" doesn't respond when I try it. Generally the keyboard doesn't seem to respond (but pressing "enter" does wake-up the screen).
    I have the problem at the moment and have managed to actually enter 3 characters of my password, but now it's not responding.
    VNC access is enabled and if I connect via that method the results are exactly the same (so it's not an issue with my actual/physical keyboard or mouse).
    I have enabled SSH access and I can login via this method so the system is still responding.  I have run "top" from the SSH session and no particular process seems to be "hogging" the system.
    So I am at a loss as to what to do.
    I would appreciate any advice on how to fault-find this via the SSH session.

    In System Preferences>Accounts, unlock the lock, click the little + icon & add a new Admin user, log into that account & see if it works.
    While in Safe mode/boot, in System Preferences>Accounts, unlock the lock, click the little + icon & add a new Admin user, log into that account & see if it works if you set the new user to Automatically login.

  • Best practice for SSH access by a user across multiple Xserves?

    Hello.
    I have 3 Xserves and a Mac Mini server I'm working with and I need SSH access to all these machines. I have given myself access via SSH in Server Admin access settings and since all 4 servers are connected to an OD Master (one of the three Xserves), I'm able to SSH into all 4 machines using my username/password combination.
    What I'm unsure of though is, how do I deal with my home folder when accessing these machines? For example, currently, when I SSH into any of the machines, I get an error saying...
    CFPreferences: user home directory at /99 is unavailable. User domains will be volatile.
    It then asks for my password, which I enter, and then I get the following error...
    Could not chdir to home directory 99: No such file or directory
    And then it just dumps me into the root of the server I'm trying to connect to.
    How should I go about dealing with this? Since I don't have a local home directory on any of these servers, it has nowhere to put me. I tried enabling/using a network home folder, but I end up with the same issue. Since the volume/location designated as my home folder isn't mounted on the servers I'm trying to connect to (and since logging in via SSH doesn't auto-mount the share point like AFP would if I was actually logging into OS X via the GUI), it again says it can't find my home directory and dumps me into the root of the server I've logged in to.
    If anyone could lend some advice on how to properly set this up, it would be much appreciated!
    Thanks,
    Kristin.

    Should logging in via SSH auto-mount the share point?
    Yes, of course, but only if you've set it up that way.
    What you need to do is designate one of the servers as being the repository of home directories. You do this by simply setting up an AFP sharepoint on that server (using Server Admin) and checking the 'enable user home directories' option.
    Then you go to Workgroup Manager and select your account. Under the Home tab you'll see the options for where this user's home directory is. It'll currently say 'None' (indicating a local home directory on each server). Just change this to select the recently-created sharepoint from above.
    Save the account and you're done. When you login each server will recognize that your home directory is stored on a network volume and will automatically mount that home directory for you.

  • Cisco Nexus 3000 ssh access

    I have a Cisco Nexus 3172T in a small environment running System version: 6.0(2)U3(1). I am using a vlan as management access, i.e. vlan100 is on every device and is used for snmp/ssh access. On the same switch I have one non-switchport (routed) port (eth1/6 in this case) connecting to a remote datacenter. I am able to SNMP poll and ping the vlan100 interface on the switch from everywhere, and I am able to SSH login while I am connected on any of the VLANs that are known to the switch. My problem comes when trying to access (SSH) the switch from the remote datacenter location (SNMP/Ping also works from the remote location). The only way to SSH access the switch from the remote location is only if I SSH in on the routed port (i.e. eth 1/6).
    I am not using the dedicated management port on the switch (nor do I have any plans to in the future). I am also running very plain config, a few switchports, one routed port, and the default control-plane policy (which is only policy pps). There are the ACLs on the VTY.
    Am I running into a known bug or is there some configuration requirement to allow this ?
    thanks
    dragan

    It's not in a VRF or anything like that, is it?
    Also, have you tried setting the ssh source interface to be vlan 100?
    http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/security/6x/b_Cisco_n3k_Security_Config_6x/b_Cisco_n3k_Security_Config_6x_chapter_0110.html#task_4AFC76AF5CD04C728EF30CB15EAE2655

  • How to get ssh access to my Azure Website?

    Hi,
    I can connect to Website via FileZilla using ftp hostname and username. But how to get ssh access to Azure Website?

    ssh is not supported, but FTP should absolutely work using FileZilla. You can also use the Kudu Console, which gives you a console into your site.

  • Simple SSH Access-List Question

    I am enabling SSH access for all of our Cisco devices and want to restrict access to just the following ip addresses: 192.168.200.1-192.168.200.50.  I forgot the exact access-list configuration to accomplish this.  The subnet is /24 and I don't want the whole subnet - just .1 - .50.
    Thank you,
    Thomas Reiling

    Hi there,
    If using ssh make sure you have a domain name, host name and a generated rsa key.  Assuming you've done that, the following ACL and line vty command will do the trick.  Note that the 1-50 host list is not on a subnet barrier.
    To get it exactly
    access-list 1 remark ALLOW MANAGEMENT
    access-list 1 permit 192.168.200.0 0.0.0.31
    access-list 1 permit 192.168.200.32 0.0.0.15
    access-list 1 permit 192.168.200.48 0.0.0.1
    access-list 1 permit host 192.168.200.50
    access-list 1 deny any log
    It would be a good idea to put it on a boundary though, so the following would be much simpler and easier to read.
    access-list 1 remark ALLOW MANAGEMENT
    access-list 1 permit 192.168.200.0 0.0.0.63
    access-list 1 deny   any log
    Apply the access-class on the vty lines and, depending on authentication, I'd put something there too.
    line vty 0 4
    access-class 1 in
    transport input ssh
    password blahblah
    That ought to do it.
    good luck!
    Brad
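
The wildcard-mask arithmetic in the answer above can be checked mechanically. The following is an added example, not part of the original post: it derives the permit lines that match exactly .1 to .50 and lists which addresses outside that range each of the two ACLs in the post also matches. The function names are hypothetical, and only contiguous wildcard masks are handled.

```python
import ipaddress

def acl_for_range(first, last, acl_id=1):
    """Standard-ACL permit lines matching exactly first..last (inclusive)."""
    lines = []
    for net in ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)):
        if net.prefixlen == 32:
            lines.append(f"access-list {acl_id} permit host {net.network_address}")
        else:
            # hostmask is the inverted netmask, i.e. the IOS wildcard mask
            lines.append(
                f"access-list {acl_id} permit {net.network_address} {net.hostmask}")
    return lines

def hosts_matched(entries):
    """Addresses matched by (address, wildcard) pairs.

    Assumes contiguous wildcard masks such as 0.0.0.31 or 0.0.0.63.
    """
    matched = set()
    for address, wildcard in entries:
        prefix = 32 - int(ipaddress.IPv4Address(wildcard)).bit_length()
        net = ipaddress.IPv4Network(f"{address}/{prefix}", strict=False)
        matched.update(net)  # iterating a network yields every address in it
    return matched

def outside_range(entries, first, last):
    """Matched addresses that fall outside the intended first..last range."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    return sorted(a for a in hosts_matched(entries) if not lo <= a <= hi)

# The two ACLs from the post, as (address, wildcard) pairs.
POST_EXACT = [("192.168.200.0", "0.0.0.31"), ("192.168.200.32", "0.0.0.15"),
              ("192.168.200.48", "0.0.0.1"), ("192.168.200.50", "0.0.0.0")]
POST_BOUNDARY = [("192.168.200.0", "0.0.0.63")]

if __name__ == "__main__":
    first, last = "192.168.200.1", "192.168.200.50"
    print("\n".join(acl_for_range(first, last)))
    for name, acl in (("exact", POST_EXACT), ("boundary", POST_BOUNDARY)):
        extra = outside_range(acl, first, last)
        print(name, "also matches:", ", ".join(str(a) for a in extra))
```

The single-entry ACL on the /26 boundary trades readability for 13 additional permitted source addresses above .50, which matters only if those addresses can be assigned to hosts that should not manage the devices.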

  • Ssh access into virtual context on the ACE module A(2.2)

    Hello,
    I tried to configure:
    Admin(conf)#context test
    Admin(conf-context)#ssh key rsa1 1024
    but this command ssh is not supported in this newest version. How can I configure the ssh access directly into virtual context on the ACE module??
    Thank you

    Here's a link on how to configure it.
    https://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/admin/guide/access.html#wp1049450
    Hope that helps.

  • WRVS4400n port forwarding (SSH access)

    I have a WRVS4400n and a CentOS server that I need to enable a SSH access to from WAN.
    I created a single port forward rule to open port 22 and forward to server (which address is 192.168.41.3)
    However ssh connect doesn't happen, the command "ssh user@{external_IP}" times out after 20 seconds.
    Wondering why...
    If I connect my server directly to modem through outside interface - I have no problems connecting to it. Once it's behind router - no luck.
    I even added same rule for UDP, not sure if it's needed, but it definitely didn't help.
    The router is on firmware version 2.0.1.3, version on a bottom is 2.
    Any suggestions?

    Hi Randy Manthey, Thanks for quick response. The server has 2 interfaces:  eth0 (outside, WAN) currently down. When it was up it had a static IP, default gateway and mask assigned by ISP. It was plugged into the cable modem at that time, it was accessible.  eth1 (inside, LAN), up, address 192.168.41.3, default gateway 192.168.41.1 (which is above mentioned Cisco router WRVS4400n). It can ping all machines on LAN, including gateway. It is accessible to all machines on LAN and can be pinged by the Cisco router. It CANNOT ping any IP address on WAN (I understand this is because eth0 is down).  Let me know if you need any other info. Thank you.
    Edit: I got home (the router is in one of my offices) and scanned the router with nmap:
    nmap -v -sT -PN XXX.YYY.ZZZ.88
    Starting Nmap 5.21 ( http://nmap.org ) at 2012-04-24 23:24 EDT
    Initiating Parallel DNS resolution of 1 host. at 23:24
    Completed Parallel DNS resolution of 1 host. at 23:24, 0.04s elapsed
    Initiating Connect Scan at 23:24
    Scanning wsip-XXX-YYY-ZZZ-88.nn.nn.nnn.net (XXX.YYY.ZZZ.88) [1000 ports]
    Discovered open port 8080/tcp on XXX.YYY.ZZZ.88
    Completed Connect Scan at 23:24, 6.06s elapsed (1000 total ports)
    Nmap scan report for wsip-XXX-YYY-ZZZ-88.nn.nn.nnn.net (XXX.YYY.ZZZ.88)
    Host is up (0.033s latency).
    Not shown: 999 filtered ports
    PORT     STATE SERVICE
    8080/tcp open  http-proxy
    Read data files from: /usr/share/nmap
    Nmap done: 1 IP address (1 host up) scanned in 6.14 seconds
    Port 8080 - is a port for remote router administration.

  • SSH Access On Specific IP

    Hi,
    I have configured 10 interface vlan on my cisco core switch 6509.
    However I want my users SSH it on management IP only. SSH access on other IP (defined for each interface vlan) should be blocked by switch.
    Kindly suggest how to configure this.
    Thanks in advance.

    You could use an ACL, CoPP, CPPr to do it. Here's an example-
    http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/white_paper_c11_553261.html
    Hope it helps.

  • Compile and debug to a remote server with ssh access

    How can i compile and debug from my Mac to a remote server that has ssh access only?

    Besides Microsoft's Remote Desktop Connection
    <http://www.microsoft.com/mac/products/remote-desktop/default.mspx>
    Applications -> Remote Desktop Connection
    Computer:  windows.pc.address
    -OR-
    Computer:  windows.pc.address/console
    There is also CoRD (Microsoft RDC Screen Sharing)
    <http://www.macupdate.com/info.php/id/22770/cord>

  • Ssh access without password

    How do I set up ssh access without password? I followed the steps below but it didn't work:
    1. ssh-keygen -t rsa
    2. copy the id_rsa.pub to the remote host and rename it to authenticated_keys
    3. ssh-agent $SHELL
    4. ssh-add
    5. try testing:
    ssh <remote host> date
    It still prompts for the password. Did I miss out some steps? Pls help if you know the answer.

    Maybe you need to look at the sshd.conf (or like) file and edit it. If that does not solve the problem, you may need to consider the .shost file, as in the case of rcp and rlogin where you configure the .rhosts file.
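
With default settings, OpenSSH's sshd reads a user's public keys from `~/.ssh/authorized_keys` and, because StrictModes is on by default, ignores that file when it, `~/.ssh` or the home directory is group- or world-writable. The following is an added example, not part of the original thread: a checker to run on the remote host against the account's home directory. The function names and the sample layout are constructed for illustration.

```python
import os
import tempfile

KEY_TYPES = ("ssh-rsa ", "ssh-ed25519 ", "ecdsa-sha2-")

def check_key_login(home):
    """Return reasons sshd (default settings) would ignore the user's key."""
    ssh_dir = os.path.join(home, ".ssh")
    auth = os.path.join(ssh_dir, "authorized_keys")
    if not os.path.isdir(ssh_dir):
        return [".ssh directory is missing"]
    problems = []
    if not os.path.isfile(auth):
        problems.append("authorized_keys is missing")
        # A public key saved under any other name is never consulted.
        for name in sorted(os.listdir(ssh_dir)):
            path = os.path.join(ssh_dir, name)
            if name.endswith(".pub") or not os.path.isfile(path):
                continue  # skip the account's own key pair and subdirectories
            with open(path, errors="replace") as fh:
                if fh.readline().startswith(KEY_TYPES):
                    problems.append(f"public key stored as '{name}'")
    # StrictModes rejects group- or world-writable paths.
    for label, path in (("home", home), (".ssh", ssh_dir),
                        ("authorized_keys", auth)):
        if os.path.exists(path) and os.stat(path).st_mode & 0o022:
            problems.append(f"{label} is group- or world-writable")
    return problems

def build_sample_home():
    """Constructed layout: the key was saved under the name used in the post."""
    home = tempfile.mkdtemp()
    os.mkdir(os.path.join(home, ".ssh"), 0o700)
    key_file = os.path.join(home, ".ssh", "authenticated_keys")
    with open(key_file, "w") as fh:
        fh.write("ssh-rsa AAAAB3NzaC1yc2E-constructed-sample user@client\n")
    os.chmod(key_file, 0o600)
    return home

if __name__ == "__main__":
    for problem in check_key_login(build_sample_home()):
        print(problem)
```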

  • ACS 5.3 SSH Access

    I have recently virtualised an ACS 5.3 on ESX 3.5 to trial before upgrading our old 3.3.
    Problem is when I come to sync the ACS with a time server I discovered I can't login directly.
    I can login to the web interface without any problems but not when SSH'd.
    login as: acsadmin
    Using keyboard-interactive authentication.
    Password:
    Access denied
    Using keyboard-interactive authentication.
    Password:
    Am I missing something...

    The username for ssh is admin (unless you specified a different name), also the password can be different. It is based on how you entered it in the installation script.
    The default superadmin account for web is acsadmin; however, the two accounts are not synced and neither are the databases. If you create an account for GUI access, it doesn't get CLI access, and vice versa.
    Thanks,

  • ASA 5505 ssh access question

    Hi,
    Currently any ip address can ssh to my asa 5505 firewall outside interface. What should I do to restrict only certain IP can? What's the command to see the current ssh management access rule?
    Thanks.
    Ye 

    I tried this and got an error. Please help.
    CL-T179-12IH# ssh 162.221.204.59 255.255.255.255 outside
                                     ^
    ERROR: % Invalid input detected at '^' marker.
    Also when I do   "show run ssh" I see below line. How to remove it?
    ssh 0.0.0.0 0.0.0.0 outside
    Thanks.
    Ye

  • SSH access

    I have approximately 500 remote sites. They are primarily 5505's connecting to us as EzVPN clients. I have the outside interface configured for SSH, but I get a network connection error any time I try to connect to any of the sites. Below is my config, could someone tell me what I am missing to be able to SSH into these devices?
    ASA Version 8.0(3)
    hostname xxxxxxxx
    domain-name xxxxxxxx.com
    enable password xxxxxxxx encrypted
    names
    interface Vlan1
    nameif inside
    security-level 100
    ip address x.x.x.x 255.255.255.192
    interface Vlan2
    nameif outside
    security-level 0
    ip address x.x.x.x 255.255.255.252
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    passwd xxxxxxxx encrypted
    boot system disk0:/asa803-k8.bin
    ftp mode passive
    dns domain-lookup outside
    dns server-group DefaultDNS
    name-server x.x.x.x
    name-server x.x.x.x
    domain-name xxxxxxx.com
    pager lines 24
    logging enable
    logging timestamp
    logging buffered debugging
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-522.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0
    route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http x.x.x.x 255.255.255.192 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    telnet 0.0.0.0 0.0.0.0 inside
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 outside
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    vpnclient server xxxx.xxxx.com
    vpnclient mode network-extension-mode
    vpnclient nem-st-autoconnect
    vpnclient vpngroup xxxx password ********
    vpnclient username xxxx password ********
    vpnclient enable
    threat-detection basic-threat
    threat-detection statistics access-list
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:5c86d7e9a681ff69bca5e
    : end

    George
    First a question: have you generated the RSA keys on the ASA which are needed to support SSH?
    Second a suggestion: if you have configured the RSA keys and SSH does not work, then I suggest that you configure at least one user & password on the ASA, and then configure authentication of SSH specifying LOCAL as the authentication source.
    HTH
    Rick
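
Both this thread and the ASA 5505 question above turn on the `ssh <address> <mask> <interface>` management-access lines and on how SSH logins are authenticated. The following is an added example, not part of the original posts: it audits an ASA-style configuration for management lines that permit any source address and for the local-authentication settings the reply suggests. The function name and both sample configurations are constructed, and the addresses come from documentation ranges.

```python
import ipaddress
import re

# Constructed sample modelled on the management-access lines quoted above.
SAMPLE_CONFIG = """\
http server enable
http 192.0.2.0 255.255.255.192 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
"""

# Constructed hardened variant: one management host, local authentication.
HARDENED_CONFIG = """\
username netadmin password <placeholder> privilege 15
aaa authentication ssh console LOCAL
ssh 198.51.100.10 255.255.255.255 outside
ssh timeout 5
"""

ACCESS_RE = re.compile(
    r"^(ssh|telnet|http)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")

def audit_management_access(config):
    """Return (protocol, interface, issue) tuples for an ASA-style config."""
    findings = []
    ssh_seen = local_auth = local_user = False
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("username "):
            local_user = True
        if (line.startswith("aaa authentication ssh console")
                and line.endswith("LOCAL")):
            local_auth = True
        match = ACCESS_RE.match(line)
        if not match:
            continue  # timeouts, 'http server enable' and unrelated lines
        proto, addr, mask, iface = match.groups()
        ssh_seen = ssh_seen or proto == "ssh"
        net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
        if net.prefixlen == 0:
            findings.append((proto, iface, "any source address permitted"))
        if proto == "telnet":
            findings.append((proto, iface, "cleartext protocol"))
    if ssh_seen and not local_auth:
        findings.append(("ssh", "-", "no 'aaa authentication ssh console LOCAL'"))
    if ssh_seen and not local_user:
        findings.append(("ssh", "-", "no local username defined"))
    return findings

if __name__ == "__main__":
    for finding in audit_management_access(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```

The RSA key pair the reply asks about is not covered here, since the check works only on the configuration text.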

  • Ssh Access-list

    Hi,
    I want to create an access-list that will allow any host to ssh to the Management address of a switch but, only the Management address. Does this look like a clean way to do this?
    ip access-list extended SSH_ACCESS
    permit udp Management VLAN ip any eq 22
    permit tcp Management VLAN ip any eq 22
    deny udp any other switch ips eq 22
    deny tcp any other switch ips eq 22
    permit ip any any
    line vty 0 15
    ip access-group SSH_ACCESS
    Thank you, Pat.

    Hi
    In IOS Version 12.4 it works like that only. Can anyone try this in IOS version 15?
    R2#
    R2#sh ip int br | i up
    FastEthernet0/0            192.168.10.2    YES manual up                    up
    R2#
    R2#
    R2#telnet 192.168.10.1 /so fa0/0
    Trying 192.168.10.1 ... Open
    R1#
    R1#
    R1#sh ip access-list 100
    Extended IP access list 100
        10 permit tcp host 192.168.10.2 host 192.168.10.1 eq telnet log
        20 permit tcp host 192.168.10.2 any eq telnet log (8 matches)
        30 permit tcp any any eq telnet log
    R1#
    R1#
    R1#
    R1#sh ver | i Version
    Cisco IOS Software, 2600 Software (C2691-ADVENTERPRISEK9-M), Version 12.4(25c), RELEASE SOFTWARE (fc2)
    ROM: 2600 Software (C2691-ADVENTERPRISEK9-M), Version 12.4(25c), RELEASE SOFTWARE (fc2)
    R1#
