Secure Shell (SSH) Server¶
The Secure Shell (SSH) service, sshd
, is always enabled in the host
namespace (Networking Namespaces) by default. The SSH service can also run
in the dataplane
namespace, and may be active in both namespaces at the same
time. The dataplane
namespace instance of SSH is configured using the ssh
dataplane (enable|disable)
command.
Warning
Though the SSH service is capable of running in the dataplane
namespace,
it should not be exposed to insecure networks. Brute force and other attacks
against SSH servers are common on the Internet, and exposing TNSR to such
attacks reduces its overall security. At a minimum, access to the service
should be restricted to specific remote hosts or networks by ACLs.
The best practice is to only run SSH in the host
namespace.
To enable the SSH service for the dataplane
namespace:
tnsr(config)# ssh dataplane enable
To disable the SSH service for the dataplane
namespace:
tnsr(config)# ssh dataplane disable
Control the SSH Service¶
The SSH service is controlled by the service ssh (host|dataplane)
(start|stop|restart|status)
command.
In most cases manual control of the service is unnecessary as the server will start and stop as needed based on the configuration.