Using Reverse SSH to Manage Remote Network Elements

In addition to providing a secure, encrypted alternative to Telnet communication, SSH (Secure Shell Protocol) can also be used for communication with remote devices located at distant network equipment facilities. Reverse SSH commands can simplify the process of communicating with devices protected by firewalls and also allow communication with isolated LAN segments that are normally only accessible via dial-up or a local command port.

In cases where support personnel need communication with devices on isolated LANs, a console server that includes SSH hosting capabilities (such as WTI’s TSM Series Console Server) can be installed at the remote site to allow access via a dial-up connection. Once a dial-up connection to the console server is established, technicians can then use a reverse SSH command to quickly create a connection to any device at the remote site. This simplifies the process of troubleshooting remote network elements or collecting data from devices on the isolated LAN without the need for an expensive, time-consuming service call to the site.

In addition to applications where target devices are located on an isolated LAN, reverse SSH communication can also provide a convenient means of out-of-band communication with devices that are located behind a firewall. Due to the secure, encrypted nature of SSH communication, most firewalls allow inbound SSH commands by default. When a console server that includes SSH hosting capabilities (such as the TSM Series Console Server) is installed behind a firewall, support personnel can connect to the TSM via Ethernet and then create a reverse SSH connection to any device connected to the LAN at the remote site. In cases where technicians need to access devices via both console port and Ethernet, the TSM can be connected to console ports on target devices, allowing remote access to both console port command functions and the normal Ethernet interface.

If the console server used in this type of application includes dual Ethernet ports (such as the TSM-DPE Series Console Server), then other out-of-band access options such as 3G/4G/LTE cellular broadband and satellite modem communication can also be used to access devices at the site when normal network communication is down.

A console server that supports reverse, outbound SSH connections can provide technical support personnel with a secure, versatile tool for communicating with devices at remote sites that would otherwise be inaccessible. In addition to providing access to console port command functions like other console servers, a console server with SSH hosting capabilities also allows technicians to communicate with remote devices on secure LANs via the network when outside network access is down or impractical.
