Document toolboxDocument toolbox

Telnet and SSH Proxy Operation

Owned by Viktoryia Varapayeva (Deactivated)
Last updated: Mar 30, 2022
2 min read

The NetMRI appliance functions as a Telnet and SSH session proxy for users to communicate by command line with devices on the network, including devices that the system sees and can reach, but does not manage. This functionality extends to Telnet or SSH sessions with NetMRI devices themselves.

The Telnet/SSH proxy also provides full VT100 emulation for systems and devices that need it. NetMRI provides a hard limit of ten concurrent SSH or Telnet sessions from any NetMRI instance to other devices. For example, if one user has seven Telnet sessions open on a NetMRI instance, all other users are limited to a total of three additional terminal sessions.

Note

Operations Center Only: The Telnet/SSH proxy works transparently in the OC as a two-tiered proxy to communicate to devices reachable by the individual collectors. The proxy is two-tiered because the OC cannot talk directly to devices–only Collectors can do so. Telnet/SSH operation is transparent and behaves normally when initiating sessions from the OC appliance.

For any Telnet or SSH session, administrative users can define user CLI credentials for other NetMRI user accounts. The location for configuring is Settings icon > User Admin > edit User > CLI Credentials tab. Accounts that can modify CLI credentials for themselves and other users include SysAdmin, UserAdmin and ChangeEngineer High. Without User CLI credentials, other users can still log in to devices using their own device-specific credentials. This is particularly handy for devices that are not directly managed by NetMRI, such as Linux systems, but for which a user has a specific account. Some devices that are detected and/or managed by NetMRI may not provide the same level of Telnet or SSH as NetMRI. This is an advantage of the Telnet/SSH proxy.

Some NetMRI user accounts, such as ChangeEngineer Low, will not be able to start terminal configuration sessions using the Telnet/SSH proxy. System credentials can also be used for Telnet/SSH sessions. For more information, see Creating Admin and User Accounts.

Note

The default admin account cannot use the Telnet/SSH proxy feature through CLI. Create another account to use this feature. Alternatively, you can connect to the device through the web UI, for example, using Anyterm SSH console, to be able to use this feature.

All session activity is logged. For more information, see User Audit Logs.

Note

All Telnet/SSH proxy sessions have an inactivity timeout of five minutes. This value cannot be changed. NetMRI allows only one session to a device from the same NetMRI instance.

To open a Telnet or SSH session with a device, perform the following:

  1. Right-click on the IP address hyperlink for a device. The shortcut menu appears.
  2. From the menu, select Telnet Session or SSH session based on your preferences.

Note

Before typing, click in the browser-based Telnet or SSH session window after you open a session.