Third Party Remote Access
Version 1.1.1 - General deployment
Version 1.1.0 - General deployment
- Feature: support Master/Clone configuration (M0003645)
Version 1.0.0 - General deployment
- Feature: support baseline 2 (M0004014)
Module configuration interface
- SSH Server hostname: The hostname of public IP address of your SSH server
- SSH Server port: The TCP port number of the SSH server itself. May be left blank in which case the standard port 22 is assumed.
- SSH Server username: The username to use on your SSH server. May be left blank in which case 'root' is assumed.
- Forwarded ssh port: The TCP port number through which the SOP's ssh port will be made available.
- Forwarded http port: The TCP port number through which the SOP's http port will be made available.
- Forwarded app port: The TCP port number through which the SOP's "application" port will be made available. The application port can be used to connect a specialized Escaux management application. * Before version 1.1.1, Active/Standby configuration was not supported. Version 1.1.1 and upper enable also to specify a username, the ssh port, the http port and the app port for the clone.
This module enables a reseller to maintain a management connexion between the reseller operation center and the SOP connected to the LAN of the reseller's customer in order to:
- Access customer's SOP shell for troubleshooting purpose.
- Access customer's API from a single point for monitoring purpose.
- Access customer's end points (IP phones, net.Desktop, net.Console).
The only required hardware to do this is a server running linux and an openssh server. An example of such a linux installation is given in the 'Usage example' section of this document.
Important Security warning
: The role of this application is to give a way to maintain a permanent IP connexion between the SOP and the reseller network through SSH for ease of management.It is obvious the security impact of such a connexion must be integrated in the reseller security policy and adequate action must be taken by the reseller to enforce his security policy.
After installing the module, you need to copy the public key of the SOP to your SSH server:
- SOP Shell > Subsystems > 3rd Party Connection > Install ssh key
- At the password prompt enter the password to login on your SSH server as the specified user.
- The public key will be appended to your server's authorized_keys file.
- If you do not receive a password prompt it may be that the SOP is already authorized, this is ok and there is no need to redo it.
- The connection should come up automatically now. It may take 30 seconds however. If you are impatient, you can stop and start the connection.
- You may verify the log using "View Log". When the last line says "Starting", the connection is established.
SSH Server Configuration Hints
Any Unix-like system running openssh can serve as an SSH Server. The ssh port must be accessible from the Internet either through a fixed public IP address or DNS name. If you only have a dynamic IP address you can setup a dynamic DNS.
By default the
option is set to
in many distributions. This needs to be changed to
) to allow you to connect directly to the SOP from any PC in your LAN. Alternatively you may first login to you SSH server and then connect to the SOP through
Suppose the following setup:
You have an SSH Server in your LAN with IP address 10.0.0.90. You have configured your firewall to forward port 2222 of your public IP address 18.104.22.168 to the SSH Server (port 22). You've created a special account on the ssh server named 'sop1'
You've configured this module:
- SSH Server hostname = 22.214.171.124
- SSH Server port = 2222
- SSH Server username = sop001
- Forwarded ssh port = 10022
- Forwarded http port = 10080
Once the connection from the SOP (through your firewall) to your SSH Server is established, the ssh server will accept connections on port 10022. When you connect to that port you will in fact be connected to the Customer SOP. Note that if you did not configure your SSH Server with
, you can only connect to that port from the SSH Server itself.
By configuring also the http port (and using
) you can even connect to any web application on the SOP (filemanager, netDesktop,...). For e.g. the filemanager use
In order to install the SSH server:
- download http://www.ubuntu.com/getubuntu/download or another place to get Ubuntu Server
- Select server
- Select standard edition
- Check 'alternate desktop CD'
- Click on download
- write the iso file on a CD
- Put the CD in a dedicated server (the data will be erased) and follow the Ubuntu installation process. Pay attention to the following steps
- IP address, netmask, gateway and DNS must be the reseller LAN IP parameters. For example the IP address in this example is 10.0.0.90.
- Create an administrator account. Example: 'reseller" with a secret password
- Choose only OPENSSH server option when installation ask this information.
- Reboot the server.
- Change /etc/ssh/sshd_config and provision a serie of users for your SOP.
sudo bash (enter the password)
echo "GatewayPorts yes" >> /etc/ssh/sshd_config
sudo adduser sop001 (enter password and validate all default answers to questions)
Adding user `sop001' ...
Adding new group `sop001' (1002) ...
Adding new user `sop001' (1002) with group `sop001' ...
Creating home directory `/home/sop001' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for sop001
Enter the new value, or press ENTER for the default
Full Name :
Room Number :
Work Phone :
Home Phone :
Is the information correct? [y/N] y
sudo adduser sop002
sudo adduser sop003
sudo adduser sop004
sudo adduser sop005
sudo adduser sop006
sudo adduser sop007
sudo adduser sop008
sudo adduser sop009
sudo adduser sop010
- Check your administrator has configured the port forwarding correctly. Example: Public IP address 126.96.36.199 port 2222 to [Private IP address of Ubuntu Server
- Install reseller connexion on the sop as indicated in this document
- Log on the shell of the customer sop
- Go to Subsystems > 3rd Party connexion > Install ssh key
- View Log in Subsystems > 3rd Party connexion > View Log (should see 'starting' message)
- In case of problem, stop and restart the connexion via Subsystems > Reseller connexion > Stop and Start
- try to connect via ssh via the private IP address 10.0.0.90 on port 10022 as admin user for example.