Enable SSH to Ethernet
This topic provides methods to configure a target device to enable SSH over Ethernet.
Overview
Upon upgrading to Legato 16.10.0, SSH is disabled on all network interfaces except usb0.
iptables rules have been added to DROP any SSH (port 22) traffic on all interfaces except usb0.
Rule configuration is stored in /etc/iptables. The files rules.v4 (IPv4) and rules.v6 (IPv6) contain the following default configuration:
IPv4 config:

    # Generated by iptables-save v1.4.21
    *filter
    :INPUT ACCEPT [65:13163]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [15:3656]
    # The following line disables ssh over all interfaces other than usb0.
    # To enable ssh on a different interface, replace 'usb0' with other
    # interface's name, e.g.:
    # -A INPUT ! -i eth0 -p tcp -m tcp --dport 22 -j DROP
    -A INPUT ! -i usb0 -p tcp -m tcp --dport 22 -j DROP
    COMMIT

Enabling SSH over eth0
Edit the rules to enable eth0 and disable usb0 by removing the comment on the eth0 line and commenting out the usb0 line, as follows:

    -A INPUT ! -i eth0 -p tcp -m tcp --dport 22 -j DROP
    # -A INPUT ! -i usb0 -p tcp -m tcp --dport 22 -j DROP

- Warning
- Only one interface may be enabled at any one time. If you leave both uncommented you will lock out BOTH interfaces and may render your device unusable.
To apply the updated rules, reboot your target.
- Note
- To enable usb0 again comment out the eth0 line and uncomment the usb0 line.
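
Because an edited rules file only takes effect at reboot, it is worth checking it first for the lockout case the warning describes. The following is an added example, not part of the Legato documentation or code; the function name ssh_allowed_iface is hypothetical, and it assumes SSH is restricted only by rules of the form shown above.

```shell
#!/bin/sh
# Added example (not Legato code): check a rules file before rebooting.
# Assumption: SSH is restricted only by rules of the form shown on this page,
#   -A INPUT ! -i <iface> -p tcp -m tcp --dport 22 -j DROP
# Each such rule drops SSH on every interface except <iface>, so two active
# rules naming different interfaces drop SSH everywhere.

# Print the single interface left open for SSH.
# Returns 0 = exactly one interface, 1 = lockout, 2 = no matching rule.
ssh_allowed_iface() {
    rules_file=$1
    # Active rules only; lines starting with '#' do not match.
    ifaces=$(sed -n \
        's/^[[:space:]]*-A INPUT ! -i \([^[:space:]]*\) .*--dport 22 .*-j DROP.*$/\1/p' \
        "$rules_file" | sort -u)
    count=$(printf '%s\n' "$ifaces" | grep -c . || true)
    case $count in
        0) echo "no SSH interface rule found in $rules_file" >&2; return 2 ;;
        1) echo "$ifaces"; return 0 ;;
        *) echo "lockout: active rules for" $ifaces >&2; return 1 ;;
    esac
}

# Constructed sample: both lines left uncommented (the case the warning describes).
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT ! -i eth0 -p tcp -m tcp --dport 22 -j DROP
-A INPUT ! -i usb0 -p tcp -m tcp --dport 22 -j DROP
COMMIT
EOF
if iface=$(ssh_allowed_iface "$sample"); then
    echo "SSH reachable on: $iface"
else
    echo "do not reboot: fix $sample first"
fi
rm -f "$sample"
```

On the target, call the function with /etc/iptables/rules.v4 after editing and reboot only if it prints the interface you intend to use.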
Copyright (C) Sierra Wireless Inc. Use of this work is subject to license.