Vyatta vRouter: Allow an IP address to access the vRouter via SSH

This article demonstrates how to configure an IP address to connect to a Brocade Vyatta vRouter through SSH, for administration purposes.

Connect to the vRouter

Note: After you've accessed the vRouter, you should add a local user. If you are not logged in via SSH as the user Vyatta or as an administrative user, then access the vRouter remotely or through the console, then add a local user. Follow the procedure described in Vyatta vRouter: Adding a local administrative user.

Add the IP address to the SSH group

After you are logged in to the vRouter, add the IP address to the VYATTA-SSH-ALLOW group, as follows:

set firewall group network-group VYATTA-SSH-ALLOW network 1.1.1.1/32

The VYATTA-SSH-ALLOW group contains the IP addresses that Rackspace uses to connect to this device. This group is also applied to a firewall that protects traffic destined for the vRouter itself. Do not remove this group.

Verify that the group is applied to the vRouter's local firewall of the public interface, as follows:

vyatta@vya-1:~$ show configuration commands | grep local
set interfaces ethernet eth0 firewall local name 'PUBLIC-LOCAL-IN'

vyatta@vya-1:~$ show configuration commands | grep PUBLIC-LOCAL-IN
set firewall name PUBLIC-LOCAL-IN rule 6 action 'accept'
set firewall name PUBLIC-LOCAL-IN rule 6 destination port '22'
set firewall name PUBLIC-LOCAL-IN rule 6 protocol 'tcp'
set firewall name PUBLIC-LOCAL-IN rule 6 source group network-group 'VYATTA-SSH-ALLOW'

More information about SSH

• Connecting to a server using SSH on Linux or Mac OS
• Rackspace Cloud Essentials - Checking a server's SSH host fingerprint with the web console
• Generating RSA Keys With SSH - PuTTYgen