Enabling remote login by using SSH

You can restrict SSH access to specific IP addresses by configuring the SUPPORT LOGIN (SSH) widget. This capability provides specific users with remote root-level access to the system, which is useful for advanced troubleshooting and debugging.

About this task

SSH access to the system is disabled by default. After it is enabled, any user who holds the private key that matches the configured public SSH key can temporarily access the system.

After the SSH key expires, no new connections are allowed. Connections that are running when the key expires must be manually terminated.

If the system is rebooted before the SSH key expires, SSH is automatically disabled, and you must re-enable the Support Login function.

Procedure

  1. Log in to QRadar® Network Packet Capture as an administrator.
  2. Click the ADMIN tab.
  3. Configure the following parameters:
    Table 1. Support Login (SSH) parameters

    | Field | Description |
    |---|---|
    | IP address whitelist | The IP addresses that are allowed to access the system by using SSH. Only the specified IP addresses are granted access to the system. Access is limited to one IP address at a time. |
    | Public SSH Key | The public SSH key used for authentication. |
    | SSH key expiration time | The length of time (in hours) that the SSH key remains valid. When the key expires, new SSH connections are not allowed. |

    The SUPPORT LOGIN (SSH) window shows the parameters that must be configured to enable SSH access to the system.
  4. Click Apply.
  5. From the Support drop-down list, select Enable support login (SSH).
    The Support drop-down list includes the option to enable the support login.
    The support login capability is enabled. The capability remains enabled for the time that was specified in the configuration, or until the system is rebooted.

    Users who have the corresponding private key can use SSH to connect to the IP address or hostname on port 8022 as the root user.

  6. After the capability is enabled, you can disable it by selecting Disable support login (SSH) from the Support drop-down list.
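
Because connections that are already open when the key expires must be terminated manually, it helps to list what is still connected on port 8022 and to compare each peer with the single allowed IP address. The shell function below is an added example, not part of the product or its documentation: it assumes `ss` and `awk` are available on the system, and the function name `support_sessions` and all sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: find sessions still open on the support-login port.
SUPPORT_PORT=8022   # port given in the procedure above

# Constructed sample of `ss -tn state established` output (not real data).
SAMPLE_SS='Recv-Q Send-Q Local Address:Port Peer Address:Port
0      0      10.0.0.5:8022      192.0.2.10:51544
0      0      10.0.0.5:443       192.0.2.77:40112
0      36     10.0.0.5:8022      198.51.100.23:60211
0      0      [::ffff:10.0.0.5]:8022 [::ffff:192.0.2.10]:51600'

# support_sessions ALLOWED_IP   (hypothetical helper name)
# Reads ss output on stdin; prints "<peer_ip> <peer_port> <verdict>" for each
# established connection whose local port is SUPPORT_PORT.
support_sessions() {
    awk -v port="$SUPPORT_PORT" -v allowed="$1" '
    # Return the host part: drop ":port", brackets and the v4-mapped prefix.
    function host(s,    n, a, h) {
        n = split(s, a, ":")
        h = substr(s, 1, length(s) - length(a[n]) - 1)
        gsub(/[][]/, "", h)
        sub(/^::ffff:/, "", h)
        return h
    }
    # Return the text after the last colon (the port).
    function portof(s,    n, a) { n = split(s, a, ":"); return a[n] }
    # Local address is the second-to-last field, peer address the last one;
    # the header line never matches because its "port" is not numeric.
    NF >= 2 && portof($(NF-1)) == port {
        peer = host($NF)
        print peer, portof($NF), (peer == allowed ? "allowed" : "UNEXPECTED")
    }'
}

# Demo on the constructed sample; on a live host, pipe in real ss output:
#   ss -tn state established | support_sessions 192.0.2.10
printf '%s\n' "$SAMPLE_SS" | support_sessions 192.0.2.10
```

Any line still listed after the expiration time is a session that outlived the key, and a line marked `UNEXPECTED` comes from an address other than the one passed as the allowed IP.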