You can restrict SSH access to specific IP addresses by configuring the SUPPORT
LOGIN (SSH) widget. This capability provides specific users with remote root-level access
to the system, which is useful for advanced troubleshooting and debugging.
About this task
SSH access to the system is disabled by default. After it is enabled, any user can
temporarily access the system with a public and private SSH key pair. After the SSH key expires,
no new connections are allowed. Connections that are running when the key expires must be manually
terminated.
If the system is rebooted before the SSH key expires, SSH is automatically
disabled, and you must re-enable the Support Login function.
Procedure
- Log in to QRadar® Network Packet Capture as an
administrator.
-
Click the ADMIN tab.
- Configure the following parameters:
Table 1. Support Login (SSH) parameters
Field |
Description |
IP address whitelist |
The IP addresses that are allowed to access the system by using SSH. Only the specified IP
addresses are granted access to the system. Access is limited to one IP address at a
time.
|
Public SSH Key |
The public SSH key used for authentication. |
SSH key expiration time |
The length of time (in hours) that the SSH key remains valid. When the key expires, new SSH
connections are not allowed.
|
- Click Apply.
- From the Support drop-down list, select Enable support
login (SSH).
The support login capability is enabled. The capability remains enabled for the
time that was specified in the configuration, or until the system is rebooted.
Users who have the
corresponding private key can use SSH to connect to the IP address or hostname on port 8022 as the
root user.
- After the capability is enabled, you can disable it by selecting Disable
support login (SSH) from the Support drop-down list.