The default configuration of your gateway does not enable connections to the SSH server. To permit shell access, you must enable the server in the Security Gateway Management Interface (SGMI).
To enable access to the SSH server
- In the Security Gateway Management Interface, in the left pane, under System, click Configuration.
- In the right pane, on the Features tab, under SSH Connection, check one or both of the following:
- SSH version 1
Enables connections from SSH version 1 clients
- SSH version 2
Enables connections from SSH version 2 clients
- SSH version 1
- In the Logon banner box, type the greeting that you want the SSH server to display when the client connects.
This feature works only with SSH version 2 clients.
- On the toolbar, click the Activate icon.
- When you are asked to save your changes, click Yes.
When you connect your SSH client to the IP address of the firewall and provide your credentials, you may be prompted to accept a digital signature. If the signature is correct, accept it. You can now interact directly with the command shell of your security gateway.
This information is also available in the Symantec Gateway Security 5000 Series 3.0 Administration Guide.
If you need to pass other traffic over TCP port 22, read Redirected services for SSH or SGMI protocols do not work with Symantec Gateway Security 5600 Series appliances.
In the default configuration, the default administrator account is allowed to connect to the SSH server. All other accounts are disallowed. After you enable SSH server access, all administrative users can connect.