Firewall - SSH access from the internet (WAN) - what to look out for?

When using SSH, you might find that you cannot reach the device, especially when connecting from the outside to the WAN port. This tutorial walks through some possible root causes of this behaviour. When you want to configure the device from a terminal, SSH is usually the way to go. We recommend an SSH client such as PuTTY for this task: https://www.putty.org/


First, take a look under Configuration > System > SSH. Make sure that the SSH daemon on the unit is activated.

(Screenshot: Allow_SSH.JPG)

The next step is to check the security policy (firewall rule) that allows SSH. From the LAN, SSH access to the device is allowed by default. Coming from the WAN, a firewall rule has to be added:

(Screenshot: Firewall_allow.JPG)

This firewall rule allows SSH from the WAN to the ZyWALL itself, so connections to TCP port 22 on the USG are accepted when they are initiated from the internet.

After adding this rule, any terminal program that supports SSH can reach the USG's CLI:

(Screenshot: SSH_access.JPG)
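The checks a practitioner would run from an outside host before and after adding the rule, as an added POSIX shell example (this is not Zyxel's code and not part of the original article; it applies equally after editing the "Allow_WAN_to_ZyWALL" service group as described in the comments below). The LAN IP 192.168.1.1, the WAN IP 198.51.100.10 and the admin user name "admin" are placeholders. The probe separates "no answer at all" (SSH daemon off, or no WAN-to-ZyWALL rule) from "something else answers on port 22", and the host key is recorded from the LAN side once so that a login over the WAN refuses to proceed if the key presented does not match.

```shell
#!/bin/sh
# Added example for this article (not Zyxel's code): check from outside that the
# USG's WAN address really answers SSH, and pin the host key so a WAN login only
# proceeds if the key matches the one recorded from the LAN side.
# Assumed placeholders: LAN IP 192.168.1.1, WAN IP 198.51.100.10, admin user "admin".

# True for a banner that announces an SSH-2 capable server ("SSH-1.99-" means the
# server also speaks SSH-2). Anything else means port 22 is not reaching the USG's
# SSH daemon: wrong rule, a NAT rule grabbing port 22 first, or another service.
ssh_banner_ok() {
    case "$1" in
        SSH-2.0-*|SSH-1.99-*) return 0 ;;
        *)                    return 1 ;;
    esac
}

# Connect and read the first line; an SSH server sends its banner without being
# asked. Prints the banner and returns 0 on success, 1 otherwise, with a hint on
# stderr that separates "daemon off / rule missing" (silence) from "wrong service".
probe_ssh() {
    host="$1"; port="${2:-22}"
    # nc -w 3: give up after 3 s of silence (a dropped packet shows up as a timeout)
    banner=$(nc -w 3 "$host" "$port" </dev/null 2>/dev/null | head -n 1 | tr -d '\r')
    if [ -z "$banner" ]; then
        echo "no answer from $host:$port: SSH disabled, or no WAN-to-ZyWALL rule" >&2
        return 1
    fi
    if ! ssh_banner_ok "$banner"; then
        echo "$host:$port answered, but not with SSH: $banner" >&2
        return 1
    fi
    printf '%s\n' "$banner"
}

# ssh-keyscan prints "host keytype key"; replace the host field with the fixed
# alias "usg" so one known_hosts line matches whether we connect to the LAN or the
# WAN address (ssh -o HostKeyAlias=usg looks the key up under that name).
alias_known_hosts_line() {
    printf '%s\n' "$1" | sed 's/^[^ ]* /usg /'
}

# Run once from the LAN, where you trust the path to the firewall, and keep the file.
pin_host_key() {
    host="$1"; port="${2:-22}"; file="$3"
    ssh-keyscan -p "$port" -t ed25519,rsa "$host" 2>/dev/null \
        | while IFS= read -r line; do alias_known_hosts_line "$line"; done > "$file"
    [ -s "$file" ]   # fails if nothing was recorded
}

# Connect from the WAN side; StrictHostKeyChecking=yes refuses the login on a key
# mismatch instead of prompting, which is what you want on an internet-facing port.
connect_usg() {
    host="$1"; port="${2:-22}"; file="$3"; user="${4:-admin}"
    ssh -p "$port" -o UserKnownHostsFile="$file" -o StrictHostKeyChecking=yes \
        -o HostKeyAlias=usg -o ConnectTimeout=5 "$user@$host"
}

# Usage (only runs when both variables are set, so the functions can also be sourced):
#   USG_LAN_IP=192.168.1.1 USG_WAN_IP=198.51.100.10 sh usg_ssh_check.sh
if [ -n "${USG_LAN_IP:-}" ] && [ -n "${USG_WAN_IP:-}" ]; then
    probe_ssh "$USG_LAN_IP" 22 || exit 1   # daemon enabled? (LAN access is allowed by default)
    probe_ssh "$USG_WAN_IP" 22 || exit 1   # WAN-to-ZyWALL rule in place?
    pin_host_key "$USG_LAN_IP" 22 ./usg_known_hosts || exit 1
    connect_usg "$USG_WAN_IP" 22 ./usg_known_hosts admin
fi
```

Run the LAN probe first: if it fails too, the problem is the SSH daemon setting under Configuration > System > SSH, not the WAN rule. Keep the generated known_hosts file with the client you use from outside; if the WAN address later presents a different key, the connection is refused rather than silently accepted.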

Note:
Please keep in mind that attackers can use the same access: a rule from WAN to ZyWALL on port 22 exposes the management login to the whole internet, and internet-facing SSH ports are routinely scanned and brute-forced. At minimum, give the admin account a strong password and restrict the rule's source from "Any" to the public IP address you administer from. A source restriction only works if that address is static; with a dynamic address you will either lock yourself out or be tempted to widen the rule again.

Here is which account type can access which management service on the firewall:

Account type    Console   Telnet / SSH   HTTP   FTP
Admin           Yes       Yes            Yes    Yes
Limited-admin   Yes       Yes            Yes    No
User            No        Yes            Yes    No
Ext-user        No        Yes            Yes    No
Guest           No        No             Yes    No

Comments

  • How can I automate command execution using SSH? Is there a way to do it?

  • Is there any way to remote control it using some kind of API or any other method?

  • Dear Mr Scheiner,

    regarding your two questions:

    1) "Is there any way to remote control it using some kind of API or any other method?"

    If your goal is to be able to remotely access the USG via SSH, then you simply have to add SSH UDP and TCP as an accessible option from WAN to your device.

    In order to do that, here is a very brief summary of what to do:

    - Move to Configuration > Object > Services > Service Group, edit "Allow_WAN_to_ZyWALL"

    - Add the Service-Group "SSH" to the selected services (Service-Object-Groups can be found by scrolling way down the list of the available services)

    That should already do the trick; the reason is that there is a security policy (firewall rule) which allows all services linked into "Allow_WAN_to_ZyWall" from WAN to ZyWall.

    2) "How can I automate command execution using SSH? Is there a way to do it?"

    Yes, there are possibilities to have the USG execute scheduled commands. For more information on this, please create a support case with our support team, and we will be happy to assist!
