Secure SSH access to 7210 SAS-S

Post Reply
duttio
Member
Posts: 1
Joined: 10 Mar 2020 06:01

Secure SSH access to 7210 SAS-S

Post by duttio »

Hello, good morning all.

Apologies for what looks like a basic question.

Searched high and low on the Internet to find out how we can secure our 7210 SAS-S devices and nothing looking concrete as to what I can find.

Just seeing if there is a base config template file to enable us to secure our 7210 SAS-S devices and lock down SSH access to a specific IP address ranges, disable telnet, just the normal kind of device security you'd expect to apply to a Cisco and Juniper.

Many thanks in advance.

mivens
Member
Posts: 257
Joined: 28 Sep 2012 06:34

Re: Secure SSH access to 7210 SAS-S

Post by mivens »

Telnet server is disabled by default and SSH server is enabled.


You can check with
A:switch# show system information  | match SSH
Tel/Tel6/SSH/FTP Admin    : Disabled/Disabled/Enabled/Disabled
Tel/Tel6/SSH/FTP Oper     : Down/Down/Up/Down

and
show system connections  | match LISTEN

Commands to enable/disable telnet:

configure system security no telnet-server
configure system security telnet-server
configure system security no telnet6-server
configure system security telnet6-server

You can configure a management-access filter to control access to SSH/telnet etc.
/configure system security management-access-filter ip-filter
and
/configure system security management-access-filter ipv6-filter

If you have Nokia support credentials, there's a good SR-OS Security BCP Guide at
https://infoproducts.nokia.com/aces/cgi ... 20v2.0.pdf

Otherwise, search for "7210 SAS System Management Guide" in a search engine.

Post Reply

Return to “7210 SAS”