SSH Access in IGEL OS 12
This article shows how to configure Secure Shell (SSH) access to the device in IGEL OS.
Menu path: System > Remote Access > SSH Access
Enable
☑ The SSH service is enabled.
☐ The SSH service is disabled. (Default)
If SSH access is enabled, you can configure the following:
Permit empty passwords
☑ Logging on without a password is allowed.
☐ Logging on without a password is not allowed. (Default)
Permit administrator logon
☑ Logging on as an administrator is allowed.
☐ Logging on as an administrator is not allowed. (Default)
Port number
Port number for SSH. (Default: 22)
User Access
List of configured users.
Unlike root and user, the ruser is not intended for real SSH sessions, but only for starting X applications that are listed below under Applications Access for Remote User “ruser”.
To manage the list:
User name
Permitted user
Hostname
Name of the host from which SSH access takes place (example: xterm.igel.de
)
Deny
☑ Access is denied.
☐ Access is allowed. (Default)
For ruser
a password has to be assigned under Security > Password. The names root
and user
work also without passwords. For more information, see Password and User Types in IGEL OS 12 .
Permit X11 forwarding
☑ X11 forwarding is enabled.
☐ X11 forwarding is disabled. (Default)
Applications Access for Remote User “ruser”
The ruser
is not intended for real SSH sessions, but only for starting X applications configured below. By default these are localshell
and /config/sessions/setup0
.
If you try to log on to the device as ruser via SSH, then you will never be able to connect. The connection will be closed immediately without anything happening. In this case you must add the parameter "-X" and the program to be started in the session call, like in this example:
ssh -X ruser@192.168.10.203 localshell
To manage the list:
Command line
Command that is allowed or prohibited for the remote user
Enable application
☑ The application given under Command line may be executed by the remote user. (Default)
☐ The application given under Command line may not be executed by the remote user.