SSH Access to Blade
AXP provides secure shell (SSH) access to the AXP CLI through a default user, sysadmin, that acts like a system administrator. The password for the default system administrator must be configured by the user through the CLI, before SSH access to the AXP CLI. This initial configuration gives users direct SSH access to the AXP CLI and also allows them to perform remote configuration without having to constantly access Cisco IOS and telnet into the service module.
- Configure password protection
o For direct SSH access to the AXP CLI, a user must first telnet into the service module and configure the password.
o If "service password-encryption" is enabled, system will encrypt the clear text password entered and saved it in the encrypted format in the configuration file.
o If user prefers to keep clear text password, then "service password-encryption" shall be disabled with no....
o no service password-encryption
o no username sysadmin password [ 0 | APPLICATIONEXTENSIONPLATFORM:7] clear-password-string
- Configure SSH server
o SSH access to CLI server opens up the SSH channel to allow remote access to AXP blade. This potentially raises security concern. The following configuration allows user to have more control over SSH service.
o no ip ssh server
+ This command will enable the SSH service (i.e. starts the SSHD daemon). Default SSH service is enabled. When "no ip ssh server" is configured and sshd was running, SSHD is instructed to stop. This will cause AXP to no longer accept new SSH session but will keep existing SSH session alive.
o no ip ssh interface interface
+ This command will explicitly specify which interface SSHD should listen on for incoming connection. If no such statement specified (default), SSHD will listen on all interfaces.
+ In the case that SSHD is configured to listen to specific network interfaces (explicit configuration), an ip address change of one of those interface will not be detected by SSHD causing the inability of SSHD to accept connection on the modified interface. The workaround for this is to restart SSHD or the blade.
- Diagnose SSH server
o show processes
+ Use this command to view the state of the SSHD process
o show processes memory
+ Use this command to display the information of the sshd process when running.