Enabling command-line access for Symantec Gateway Security 3.0

Article:TECH83647  |  Created: 2005-01-23  |  Updated: 2006-01-22  |  Article URL http://www.symantec.com/docs/TECH83647
Article Type
Technical Solution


Issue



You need to obtain access to the command-line shell for Symantec Gateway Security 3.0.


Solution



Symantec Gateway Security 3.0 no longer supports the SRL Client that was used in previous versions to interface with the operating system shell. Symantec Gateway Security 3.0 uses a secure shell (SSH) server to provide shell access to administrators. To connect to the SSH server, you must have an SSH client. The gateway supports SSH version 1 or version 2.

The default configuration of your gateway does not enable connections to the SSH server. To permit shell access, you must enable the server in the Security Gateway Management Interface (SGMI).

To enable access to the SSH server
  1. In the Security Gateway Management Interface, in the left pane, under System, click Configuration.
  2. In the right pane, on the Features tab, under SSH Connection, check one or both of the following:
    • SSH version 1
      Enables connections from SSH version 1 clients
    • SSH version 2
      Enables connections from SSH version 2 clients
  3. In the Logon banner box, type the greeting that you want the SSH server to display when the client connects.
    This feature works only with SSH version 2 clients.
  4. On the toolbar, click the Activate icon.
  5. When you are asked to save your changes, click Yes.

When you connect your SSH client to the IP address of the firewall and provide your credentials, you may be prompted to accept a digital signature, which is the fingerprint of the gateway's SSH host key. If the signature is correct, accept it. You can now interact directly with the command shell of your security gateway.
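One way to check the signature before accepting it, as an added example that is not part of the original article: SSH clients show the fingerprint of the server's host key at this prompt, and the code below compares a key line in `ssh-keyscan` output format against a fingerprint obtained through a trusted channel. The function names, the sample address and the key bytes are constructed for illustration, and the code covers SSH version 2 key blobs only.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: documentation address and a dummy blob, not a real host key.
_BLOB = struct.pack(">I", 7) + b"ssh-rsa" + bytes(range(32))
SAMPLE_LINE = "192.0.2.1 ssh-rsa " + base64.b64encode(_BLOB).decode()


def parse_pubkey_line(line):
    """Parse '<host> <keytype> <base64-blob>' as printed by ssh-keyscan."""
    host, keytype, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # An SSH-2 key blob begins with a length-prefixed algorithm name.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != keytype.encode("ascii"):
        raise ValueError("declared key type does not match the key blob")
    return host, keytype, blob


def fingerprints(blob):
    """Return the two fingerprint formats SSH clients display."""
    md5_hex = hashlib.md5(blob).hexdigest()
    md5_fp = ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2))
    sha_fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": md5_fp, "sha256": "SHA256:" + sha_fp}


def host_key_matches(line, expected):
    """True only if the key on `line` has the out-of-band fingerprint."""
    _, _, blob = parse_pubkey_line(line)
    fp = fingerprints(blob)
    expected = expected.strip()
    if expected.upper().startswith("SHA256:"):
        actual, wanted = fp["sha256"], "SHA256:" + expected[7:].rstrip("=")
    else:
        if expected.upper().startswith("MD5:"):
            expected = expected[4:]
        actual, wanted = fp["md5"], expected.lower()
    return hmac.compare_digest(actual.encode(), wanted.encode())


if __name__ == "__main__":
    trusted = fingerprints(_BLOB)["md5"]  # stands in for the out-of-band value
    print(host_key_matches(SAMPLE_LINE, trusted))
```

A mismatch means the key presented on the network is not the one recorded for the gateway, so the prompt should be declined until the difference is explained.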


References
This information is also available in the Symantec Gateway Security 5000 Series 3.0 Administration Guide.


If you need to pass other traffic over TCP port 22, read "Redirected services for SSH or SGMI protocols do not work with Symantec Gateway Security 5600 Series appliances."


Technical Information
In the default configuration, the default administrator account is allowed to connect to the SSH server. All other accounts are disallowed. After you enable SSH server access, all administrative users can connect.




Legacy ID



2005082310201154

