Set up Remote Access to Airshell via SSH

You can enable and set up a secure shell (SSH) public key on physical Airwall Gateways to allow you to remotely log in to run airsh commands. Remote access is limited to running airsh commands, and only to the Overlay IPs, not any Underlay IPs. Remote access uses SSH public/private key pairs, where the Airwall Gateways only see the public key.

Setting up remote access provides a way to configure and troubleshoot your physical hardware without a site visit.
Note: To enable SSH access and add the SSH keys, you first need physical access to the Airwall Gateway.

Before you begin:

To set up remote access, you need:
  • SSH public and private keys for the people's computers that require access – For example, these can be generated using OpenSSH's ssh-keygen command. For example, ssh-keygen -t rsa.
    CAUTION: You should protect your SSH private key with a passphrase.
  • The Airwall Gateway's Overlay IP address where SSH will be used.
  1. If you need to configure an Overlay IP for this Airwall Gateway, you can do it from the Conductor or using Diagnostic Mode on the Airwall Gateway:
    • From the Conductor: Open the Airwall Gateway and go to the Ports tab. Expand the Overlay Port Group, and under IP addresses, configure one or more static IP addresses.
    • From the Diagnostic Mode web interface: Navigate to http://192.168.56.3, open Settings, Port Settings, and under Port Groups, configure an IP address for an Overlay Port Group.
  2. See Connect to a physical Airwall Gateway or Conductor with a console port to connect to the Airwall Gateway and log in to airsh.
  3. Enable SSH access by entering:
    airsh» conf ssh on

    This enables SSH access via the Overlay IP (not the Underlay IP addresses).

  4. Password-based SSH login is not allowed. Configure at least one public SSH key by entering:
    airsh» conf ssh-key add <public_SSH_key>
    Note: There is a potential issue on Airwall Gateway 150s v2.2.8 and earlier when copying and pasting long values (over 35 characters) into the console. If the console becomes unresponsive, try pasting the key in smaller parts.
  5. In airsh, type status to get the IP address to log in to.
  6. To log in remotely, ssh into the IP address, and then log in to airsh:
    login airsh
You can now run airsh commands remotely on the Airwall Gateway. See Access an Airwall Gateway Remotely.