SSH Security

This article applies to all product versions.

Setting SSH

When deploying the JetStream DR MSA, a public key can be set to govern access to the system. If it is not provided, the system will allow password based SSH access, which may be considered a security issue.

Note: An option is provided to disable SSH access and prevent it from being used to log into the management server.

1. To toggle password based SSH access for users to log in to the MSA:
   • Edit the file /etc/ssh/sshd_config.
   • Set the PasswordAuthentication option to “yes” or “no”
   • Restart the sshd service using the command: service sshd restart.
2. Additional SSH public keys can be manually appended to the file /root/.ssh/authorized_keys or added by using the script ssh-copy-id.
3. If the directory or the file does not already exist, either can be manually created using the following commands:
   
   mkdir /root/.ssh
echo “” >> /root/.ssh/authorized_keys
chmod 600 /root/.ash/authorized_keys
chmod 700 /root/.ssh/

External references:
man sshd_config – https://man7.org/linux/man-pages/man5/sshd_config.5.html
man ssh-copy-id – https://www.unix.com/man-page/linux/1/SSH-COPY-ID/
man sshd – https://man7.org/linux/man-pages/man8/sshd.8.html

Note: The directory must have access mode 700. The file must have access mode 600.

Enable SSH on the MSA

Follow these steps to enable SSH on a Management Server Appliance.

1. Log in to the MSA appliance web console.
2. Edit the sshd config file:
   • vi /etc/ssh/sshd_config
3. Enable root login:
   • PermitRootLogin
4. Restart the sshd service:
   • service sshd restart