Secure Shell (ssh)
A common ssh program for Windows is PuTTY. For more information see:
By default, ssh access is blocked by the NetManager firewall, and ssh is allowed for all users (but not for NetManager inbuilt system users, except for ncadmin). This means that users on your LAN (or other trusted networks such as VPN connections) can use ssh, scp or sftp. Users do not have interactive accounts by default and so will not be able to get to a command line (instead they will be taken to a console-based email client). Please note that the root account is not allowed to log in over ssh with a password; to log in as root, you need to follow the instructions here or use ssh keys.
Before opening up firewall access to ssh to allow remote access, we recommend you lock down access further unless you are confident about the complexity of passwords for all users.
The Security > ssh tab in webadmin allows you to customise the settings:
Our recommendations are to do at least one of:
- Deny password authentication - you will need to set up ssh keys to access
- Deny all users - you can then allow just the users you want to have ssh access
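One way to check on the server that at least one of these recommendations is in force, as an added example that is not part of the NetManager documentation. It assumes the ssh server is OpenSSH, whose `sshd -T` prints the effective settings as "keyword value" lines; the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: audit effective sshd settings against the recommendations above.
# Assumption: the server is OpenSSH, so `sshd -T` prints "keyword value" lines.

# Reads `sshd -T` style lines on stdin, prints findings, and returns
# 0 if at least one recommendation is met (and root cannot use a password), else 1.
audit_sshd() {
    awk '
        { key = tolower($1) }
        key == "passwordauthentication" { pw = tolower($2) }
        key == "permitrootlogin"        { root = tolower($2) }
        key == "allowusers" || key == "allowgroups" {
            for (i = 2; i <= NF; i++) allow = allow " " $i
        }
        key == "denyusers" { for (i = 2; i <= NF; i++) if ($i == "*") denyall = 1 }
        END {
            bad = 0
            if (root == "yes" && pw != "no") {
                print "FAIL root can log in with a password"; bad = 1
            }
            if (pw == "no")        print "OK   password authentication denied"
            else if (denyall)      print "OK   all users denied"
            else if (allow != "")  print "OK   ssh limited to:" allow
            else { print "FAIL passwords accepted from every user"; bad = 1 }
            exit bad
        }'
}

# Constructed sample inputs (not captured from a real NetManager).
sample_default()   { printf '%s\n' 'permitrootlogin without-password' 'passwordauthentication yes'; }
sample_keys_only() { printf '%s\n' 'permitrootlogin without-password' 'passwordauthentication no'; }
sample_allowlist() { printf '%s\n' 'permitrootlogin without-password' 'passwordauthentication yes' \
                         'allowusers gooduser' 'allowgroups staff'; }
sample_root_pw()   { printf '%s\n' 'permitrootlogin yes' 'passwordauthentication yes' 'allowusers root'; }

for s in sample_default sample_keys_only sample_allowlist sample_root_pw; do
    echo "== $s"
    "$s" | audit_sshd || echo "   -> lock ssh down before opening the firewall"
done
# On a live server (as root): sshd -T | audit_sshd
```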
Configuration file directives
Deny password authentication corresponds to
sshd_user_deny to space-separated lists of groups and users):
    sshd_user_allow=""
    sshd_group_allow=""
    sshd_group_deny="staff"
    sshd_user_deny="baduser"
Deny all users with no overrides corresponds to:
    sshd_user_allow=""
    sshd_group_allow=""
    sshd_user_deny="*"
    sshd_group_deny=""
Deny all users with certain users/groups allowed corresponds to (set sshd_user_allow to space-separated lists of groups and users):
    sshd_group_deny=""
    sshd_group_allow="staff"
    sshd_user_deny=""
    sshd_user_allow="gooduser"