Document toolboxDocument toolbox

(12.4-en) SSH Access in IGEL OS 12

This article shows how to configure Secure Shell (SSH) access to the device in IGEL OS.


Menu path: System > Remote Access > SSH Access

 

 

Enable

☑ The SSH service is enabled.

☐ The SSH service is disabled. (Default)

If SSH access is enabled, you can configure the following:

 

Permit empty passwords

☑ Logging on without a password is allowed.

☐ Logging on without a password is not allowed. (Default)

Permit administrator logon

☑ Logging on as an administrator is allowed.

☐ Logging on as an administrator is not allowed. (Default)

Port number

Port number for SSH. (Default: 22)

 

User Access

List of configured users.

Unlike root and user, the ruser is not intended for real SSH sessions, but only for starting X applications that are listed below under Applications Access for Remote User “ruser”.

To manage the list:

  • User name

Permitted user

  • Hostname

Name of the host from which SSH access takes place (example: xterm.igel.de)

  • Deny

☑ Access is denied.

☐ Access is allowed. (Default)

For ruser a password has to be assigned under Security > Password. The names root and user work also without passwords. For more information, see (12.4-en) Password and User Types in IGEL OS 12 .


Permit X11 forwarding

☑  X11 forwarding is enabled.

☐  X11 forwarding is disabled. (Default)

 

Applications Access for Remote User “ruser”

The ruser is not intended for real SSH sessions, but only for starting X applications configured below. By default these are localshell and /config/sessions/setup0.

 

If you try to log on to the device as ruser via SSH, then you will never be able to connect. The connection will be closed immediately without anything happening. In this case you must add the parameter "-X" and the program to be started in the session call, like in this example: 

ssh -X ruser@192.168.10.203 localshell

 

To manage the list:

  • Click image-20240716-112052.png to create a new entry.

  • Click image-20240716-112056.png to remove the selected entry.

  • Click image-20240716-112059.png to edit the selected entry.

  • Click image-20240716-112103.png to copy the selected entry.



Clicking image-20240716-111938.png brings up the Add dialogue, where you can define the following settings:

 

  • Command line

Command that is allowed or prohibited for the remote user

  • Enable application

☑ The application given under Command line may be executed by the remote user. (Default)

☐ The application given under Command line may not be executed by the remote user.