Secure Shell (SSH) Server

The Secure Shell (SSH) service, sshd, is always enabled in the host namespace (Networking Namespaces) by default. The SSH service can also run in the dataplane namespace, and may be active in both namespaces at the same time. The dataplane namespace instance of SSH is configured using the ssh dataplane (enable|disable) command.

Warning

Though the SSH service is capable of running in the dataplane namespace, it should not be exposed to insecure networks. Brute force and other attacks against SSH servers are common on the Internet, and exposing TNSR to such attacks reduces its overall security. At a minimum, access to the service should be restricted to specific remote hosts or networks by ACLs.

The best practice is to only run SSH in the host namespace.

To enable the SSH service for the dataplane namespace:

tnsr(config)# ssh dataplane enable

To disable the SSH service for the dataplane namespace:

tnsr(config)# SSH dataplane disable

Control the SSH Service

The SSH service is controlled by the service ssh (host|dataplane) (start|stop|restart|status) command.

In most cases manual control of the service is unnecessary as the server will start and stop as needed based on the configuration.