Vyatta vRouter: Allow an IP address to access the vRouter via SSH
This article demonstrates how to allow an IP address to connect to a Brocade Vyatta vRouter through SSH for administration purposes.
Connect to the vRouter
Note: After you've accessed the vRouter, you should add a local user. If you are not logged in via SSH as the user Vyatta or as an administrative user, access the vRouter remotely or through the console, and then add a local user. Follow the procedure described in Vyatta vRouter: Adding a local administrative user.
Add the IP address to the SSH group
After you are logged in to the vRouter, add the IP address to the VYATTA-SSH-ALLOW group, as follows:
set firewall group network-group VYATTA-SSH-ALLOW network 1.1.1.1/32
The VYATTA-SSH-ALLOW group contains the IP addresses that Rackspace uses to connect to this device. This group is also applied to a firewall that protects traffic destined for the vRouter itself. Do not remove this group.
Verify that the group is applied to the vRouter's local firewall of the public interface, as follows:
vyatta@vya-1:~$ show configuration commands | grep local
set interfaces ethernet eth0 firewall local name 'PUBLIC-LOCAL-IN'
vyatta@vya-1:~$ show configuration commands | grep PUBLIC-LOCAL-IN
set firewall name PUBLIC-LOCAL-IN rule 6 action 'accept'
set firewall name PUBLIC-LOCAL-IN rule 6 destination port '22'
set firewall name PUBLIC-LOCAL-IN rule 6 protocol 'tcp'
set firewall name PUBLIC-LOCAL-IN rule 6 source group network-group 'VYATTA-SSH-ALLOW'
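The verification above follows a chain: the interface points to a local rule set, that rule set has a rule accepting tcp/22, the rule is limited to the source group, and the group lists the address. The following is an added example, not part of the original article: a POSIX shell function that audits saved `show configuration commands` output for that chain. The names `check_ssh_allow` and `sample_config`, the `OTHER-IN` and `EMPTY-IN` rule sets, and `eth1` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit saved `show configuration commands` output offline.
# check_ssh_allow and sample_config are hypothetical names, not Vyatta commands.
# Succeeds only if <iface> has a local rule set, that rule set has a rule
# accepting tcp/22 from <group>, and <group> lists <cidr> literally
# (an address covered only by a wider prefix is reported as NO).
check_ssh_allow() {   # usage: check_ssh_allow <iface> <group> <cidr> < config
  awk -v ifc="$1" -v grp="$2" -v cidr="$3" -v q="'" '
    { gsub(q, "") }                       # strip quotes around values
    $2=="interfaces" && $4==ifc && $5=="firewall" && $6=="local" && $7=="name" { fw=$8 }
    $2=="firewall" && $3=="group" && $4=="network-group" && $5==grp &&
      $6=="network" && $7==cidr { member=1 }
    $2=="firewall" && $3=="name" && $5=="rule" {
      k = $4 SUBSEP $6                    # key: rule-set name + rule number
      if ($7=="action" && $8=="accept")                acc[k]=1
      if ($7=="protocol" && $8=="tcp")                 tcp[k]=1
      if ($7=="destination" && $8=="port" && $9=="22") ssh[k]=1
      if ($7=="source" && $8=="group" && $9=="network-group" && $10==grp) src[k]=1
    }
    END {                                 # evaluate after all lines are read
      for (k in acc) {
        split(k, p, SUBSEP)
        if (p[1]==fw && tcp[k] && ssh[k] && src[k]) rule=p[2]
      }
      print "local rule set on " ifc ": " (fw=="" ? "MISSING" : fw)
      print "tcp/22 rule from " grp ": " (rule=="" ? "MISSING" : "rule " rule)
      print cidr " in " grp ": " (member ? "yes" : "NO")
      exit !(fw!="" && rule!="" && member)
    }'
}
# Constructed sample (not captured from a device): the rules shown in the
# article plus an unbound rule set (OTHER-IN) that must not satisfy the check.
sample_config() {
  cat <<'EOF'
set firewall group network-group VYATTA-SSH-ALLOW network '1.1.1.1/32'
set firewall name OTHER-IN rule 10 action 'accept'
set firewall name OTHER-IN rule 10 destination port '22'
set firewall name OTHER-IN rule 10 protocol 'tcp'
set firewall name OTHER-IN rule 10 source group network-group 'VYATTA-SSH-ALLOW'
set firewall name PUBLIC-LOCAL-IN rule 6 action 'accept'
set firewall name PUBLIC-LOCAL-IN rule 6 destination port '22'
set firewall name PUBLIC-LOCAL-IN rule 6 protocol 'tcp'
set firewall name PUBLIC-LOCAL-IN rule 6 source group network-group 'VYATTA-SSH-ALLOW'
set interfaces ethernet eth0 firewall local name 'PUBLIC-LOCAL-IN'
set interfaces ethernet eth1 firewall local name 'EMPTY-IN'
EOF
}
sample_config | check_ssh_allow eth0 VYATTA-SSH-ALLOW 1.1.1.1/32
```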
More information about SSH