How to establish a Reverse SSH to a Serial Device... Cable required
Transcription
How to establish a Reverse SSH to a Serial Device... Cable required
How to establish a Reverse SSH to a Serial Device behind the AirLink device This article applies to the ES440, GX440 and LS300 AirLink devices. Cable required When using a blue console cable to connect to a Cisco router, you must use an additional NULL modem DB9 adapter, ending in a DB9 Male connector that is attached to the AirLink device’s serial port. For other router vendors, the adapter may be required, depending on the router’s console port. Typical console cables AirLink devices support a DCE Female DB9. See DB9 pin-out at the end of this article. Setting up a Reverse SSH connection The following illustration shows a standard Out of Band (OOB) connection between the AirLink device and a router: 1 Enabling the SSH server Go to ACEmanager > Services > Telnet/SSH and select SSH as the Remote Login Server mode. It is important to enter the Remote Login Server Telnet/SSH port which is by default Port “2332”. This is the port that will be used when establishing SSH sessions. Note: Since you have enabled the SSH server, you will be reaching the connected serial device by establishing a Reverse SSH session. Basically, Telnet has been disabled. Keep in mind when opening SSH sessions that the port to be used is the Remote Login Server Telnet/SSH port. Enabling Reverse Telnet/SSH Go to ACEmanager > Serial: Port Configuration and set the Startup Mode Default field to “Reverse Telnet/SSH”. Configure the serial port to match your serial device. Most routers console ports are set to 9600, 8N1. That’s it for this menu. The Auto login option is not supported when establishing Reverse SSH connections. The Device port is not used at all for Reverse SSH connections. 2 Testing SSH into a connected device To test Reverse SSH functionality, open any SSH application. For this example, we used “putty.exe”. The following screen shot shows that application. Replace the Mode WANIP with the Cellular IP address obtained by the AirLink device from your Mobile Network Operator. For our example, it is 166.10.10.10 A message similar to the following is displayed: If the cable is correct and the router is accepting OOB messages, it prompts for the SSH login credentials. You must provide ALEOS Reverse Telnet/SSH credentials (username: sconsole, and password: 12345). After that, you are prompted for the router’s console login credentials username and password. 3 Please note if you use the default user: user and password: 12345, it establishes a normal AT command session. Reverse SSH and VPN When the AirLink device is connected to a VPN, assuming it has the default device IP 192.168.13.31, you can access the OOB router on the serial console port from a computer on the VPN network establishing an SSH session to IP 192.168.13.31 on port 2332. Please note that it is using the device LAN IP or Device IP address. The connection is redirected to the device’s serial port, which in turn makes the connection to the router, as shown below: VPN Server Internet PC connected to VPN SSH to 192.168.13.31/2332 Wireless Network D B 9 To Router’s Console port PC not connected to VPN SSH to 166.10.10.10/2332 *Out of band connection VPN Tunnel *If the device has a VPN Split tunnel enabled, it means the ACEmanager out of band is set to “Allowed”. It is possible to access the OOB router’s console port using the device’s Public WAN IP address, for example, SSH to 166.10.10.10 on port 2332 by default. Troubleshooting I am attempting an SSH connection on a specified SSH port, but the connection times out. There are several possible reasons for this. First of all, the device should have a Public IP that can be accessed from the Internet. Test accessing the device using ACEmanager on port 9191, and then try to make the connection using SSH on the default ALEOS port, 2332. If that works, be sure the Reverse Telnet/SSH has been set to SSH. Verify that the serial port configuration matches your serial device, and check the console cable. I can establish an SSH connection with the Remote login Server Telnet/SSH port, but it does not prompt for the router’s console login credentials. Check the console cable. Reverse Telnet/SSH is a stable feature, however hardware issues arise in the field mostly because of incorrect console cables or DB9 adapters. Be sure to use console cables specified by the router’s manufacturer. In most of the cases, a DB9 null adapter is required. When Reverse Telnet/SSH is enabled, can I still connect to the device using Telnet to port 2332? No. It is not possible to use Telnet on 2332 once SSH has been enabled. The AirLink device only accepts 4 SSH connections on the Reverse login server Telnet/SSH port, as shown in ACEmanager > Services > Telnet/SSH. Depending on whether you are using user: user or sconsole, you will be redirected to either an AT command session or an SSH to serial port. What is the DB9 pin-out for the AirLink device? What are the DB9 and RJ 45 standard pin-outs for Cisco cables? 5