The description of the cRIO SystemLink installation shows the following message:
Does this imply that SystemLink server needs to be able to reach the SSH port of the connected cRIOs for specific services?
If yes, which services would that be?
The use case I have i mind is a client that is somewhere in the field without being on a VPN or something similar. I wouldn't want to open the SSH port to the internet, I wouldn't be necessary since the client knows how to find the server and it's port are reachable. I would think that if the server needs to setup an SSH connection it could do it by having the client reverse back to the server using the available RabbitMQ communication services. I would like to have a phone home-only situation, not the other way around.
Solved! Go to Solution.
I believe the suggestion is there to hopefully prevent unwanted remote access via the default admin password.
I also understand the same from the description, but this is not the question I asked.
I'll rephrase the question in case it wasn't clear the first time:
Is there a dependency between SystemLink server and a RIO target that explicitly requires access to the cRIOs SSH port from the SystemLink server?
What services is disabled by closing the cRIOs SSH port?
You are right, and those are two good questions.
I will explore our internal SystemLink resources for insight and get back to you with what I find.
SSH is only required if you want to remotely add LinuxRT targets to the server from the server using Discovered Systems view.
If SSH is enabled you can add the target by specifying the IP/hostname, username and password and the SystemLink server will connect to the target over SSH, modify the server IP address/hostname, restart the salt-minion service, and automatically approve the target.
If SSH is disabled, you will need to specify the server/master using something like MAX or any other means you have for modifying the /etc/salt/minion.d/master.conf and restarting the salt-minion service. Once configured you then need to manually approve the target from the SystemLink web interface.
SSH is not required or used once the target has connected to the server, however you can use the SystemLink web interface to change the SSH password after it has connected.