How to establish a Reverse SSH to a Serial Device behind the AirLink device
This article applies to the ES440, GX440 and LS300 AirLink devices.
Cable required
When using a blue console cable to connect to a Cisco router, you must use an additional NULL modem
DB9 adapter, ending in a DB9 Male connector that is attached to the AirLink device’s serial port.
For other router vendors, the adapter may be required, depending on the router’s console port.
Typical console cables
AirLink devices support a DCE Female DB9. See DB9 pin-out at the end of this article.
Setting up a Reverse SSH connection
The following illustration shows a standard Out of Band (OOB) connection between the AirLink device
and a router:
Enabling the SSH server
Go to ACEmanager > Services > Telnet/SSH and select SSH as the Remote Login Server mode.
Be sure to enter the Remote Login Server Telnet/SSH port, which is “2332” by default.
This is the port that will be used when establishing SSH sessions.


Note: Since you have enabled the SSH server, you will be reaching the connected serial device
by establishing a Reverse SSH session. Basically, Telnet has been disabled.
Keep in mind when opening SSH sessions that the port to be used is the Remote Login Server
Telnet/SSH port.
Enabling Reverse Telnet/SSH
Go to ACEmanager > Serial: Port Configuration and set the Startup Mode Default field to “Reverse
Telnet/SSH”. Configure the serial port to match your serial device. Most routers’ console ports are set to
9600, 8N1.
That’s it for this menu.


The Auto login option is not supported when establishing Reverse SSH connections.
The Device port is not used at all for Reverse SSH connections.
Testing SSH into a connected device
To test Reverse SSH functionality, open any SSH application. For this example, we used “putty.exe”.
The following screen shot shows that application. Replace the Mode WANIP with the Cellular IP address
obtained by the AirLink device from your Mobile Network Operator. For our example, it is 166.10.10.10.
A message similar to the following is displayed:
If the cable is correct and the router is accepting OOB messages, it prompts for the SSH login credentials.
You must provide ALEOS Reverse Telnet/SSH credentials (username: sconsole, and password: 12345).
After that, you are prompted for the router’s console login credentials username and password.
Please note if you use the default user: user and password: 12345, it establishes a normal AT command
session.
Reverse SSH and VPN
When the AirLink device is connected to a VPN, assuming it has the default device IP 192.168.13.31, you
can access the OOB router on the serial console port from a computer on the VPN network by establishing
an SSH session to IP 192.168.13.31 on port 2332. Note that this connection uses the device LAN IP, or
Device IP, address.
The connection is redirected to the device’s serial port, which in turn makes the connection to the
router, as shown below:
[Figure. Labels: VPN Server; Internet; Wireless Network; VPN Tunnel; PC connected to VPN, SSH to 192.168.13.31/2332; PC not connected to VPN, SSH to 166.10.10.10/2332 (*Out of band connection); DB9, To Router’s Console port.]
*If the device has a VPN split tunnel enabled, it means the ACEmanager out of band setting is “Allowed”.
In that case it is possible to access the OOB router’s console port using the device’s public WAN IP
address, for example, SSH to 166.10.10.10 on port 2332 by default.
Troubleshooting
I am attempting an SSH connection on a specified SSH port, but the connection times out.
There are several possible reasons for this. First of all, the device should have a Public IP that can be
accessed from the Internet. Test accessing the device using ACEmanager on port 9191, and then try to
make the connection using SSH on the default ALEOS port, 2332. If that works, be sure the Reverse
Telnet/SSH has been set to SSH. Verify that the serial port configuration matches your serial device, and
check the console cable.
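The checks in the answer above can be scripted. The following Python sketch is an added example, not part of the original article or of any AirLink tooling; the function names and result strings are hypothetical, and it assumes that a server left in Telnet mode opens the connection with a Telnet IAC (0xFF) negotiation byte.

```python
import socket

ACEMANAGER_PORT = 9191     # ACEmanager port named in the Troubleshooting text
REMOTE_LOGIN_PORT = 2332   # default Remote Login Server Telnet/SSH port

def classify_banner(data: bytes) -> str:
    """Classify the first bytes a login server sends after the TCP connect."""
    if data.startswith(b"SSH-"):
        return "ssh"       # SSH identification string (RFC 4253)
    if data[:1] == b"\xff":
        return "telnet"    # assumption: Telnet server opens with IAC negotiation
    return "silent" if not data else "unknown"

def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Return 'unreachable' or the classification of the service greeting."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                data = sock.recv(64)
            except socket.timeout:
                data = b""  # port is open but the server waits for the client
    except OSError:
        return "unreachable"
    return classify_banner(data)

def diagnose(host, timeout=5.0, mgmt_port=ACEMANAGER_PORT,
             login_port=REMOTE_LOGIN_PORT, probe_fn=probe) -> str:
    """Walk the article's time-out checklist in order; return the next step."""
    if probe_fn(host, mgmt_port, timeout) == "unreachable":
        return "no-route: confirm the device has a reachable public IP"
    state = probe_fn(host, login_port, timeout)
    if state == "unreachable":
        return "port-closed: check the Remote Login Server Telnet/SSH port"
    if state == "telnet":
        return "telnet-mode: set Remote Login Server mode to SSH"
    if state == "ssh":
        return "ssh-ok: check serial port settings, then the console cable"
    return "no-banner: port open but no SSH banner seen; recheck the mode"

if __name__ == "__main__":
    import sys
    print(diagnose(sys.argv[1]) if len(sys.argv) > 1 else "usage: probe.py HOST")
```

A "telnet-mode" result also means logins to that port would travel in clear text, which is the reason to confirm SSH mode before exposing port 2332 on the WAN address.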
I can establish an SSH connection with the Remote Login Server Telnet/SSH port, but it does not prompt
for the router’s console login credentials.
Check the console cable. Reverse Telnet/SSH is a stable feature; however, hardware issues arise in the
field, mostly because of incorrect console cables or DB9 adapters. Be sure to use console cables specified
by the router’s manufacturer. In most cases, a DB9 null adapter is required.
When Reverse Telnet/SSH is enabled, can I still connect to the device using Telnet to port 2332?
No. It is not possible to use Telnet on 2332 once SSH has been enabled. The AirLink device only accepts
SSH connections on the Remote Login Server Telnet/SSH port, as shown in ACEmanager > Services >
Telnet/SSH. Depending on whether you are using user: user or sconsole, you will be redirected to
either an AT command session or an SSH session to the serial port.
What is the DB9 pin-out for the AirLink device?
What are the DB9 and RJ 45 standard pin-outs for Cisco cables?