Using Reverse SSH to Manage Devices on an Isolated LAN


Network support personnel need a secure, reliable solution for communicating with devices located on a remote LAN. The LAN at the remote site is not directly accessible via network, as is often the case in applications that are situated in locations where network access is not practical and in applications where WAN access could constitute a security risk. Since the application in this example lacks direct network access, a dial-up connection is used to provide out-of-band access to devices at the site.


A DSM Series Console Server with an internal modem is deployed at the remote site. When an administrator or technician needs access to a device at the site, a dial-up connection is first established with a WTI DSM Series GigE Console Server at the site. Since the DSM Console Server also functions as an SSH Host and the DSM is connected to the secure LAN at the site, remote support personnel are able to employ the DSM to establish a reverse SSH connection with any device on the LAN.

Using Reverse SSH to Communicate with an Isolated LAN


This provides administrators and support personnel with remote access to networked devices at the remote site even though direct network access is not available, allowing communication with any device connected to the secure LAN at the remote site. If desired, the serial ports on the DSM Series Console Server can also be connected to console ports on devices at the site to provide remote access to console port command functions.

In addition to allowing access to remote devices by both Secure LAN and console port via dial-up, the DSM Series Console Server can also be used to monitor conditions and events at the site. When high rack temperatures, power supply irregularities, LAN outages, unresponsive devices and other potentially troublesome conditions are detected, the DSM can create an event log to provide support personnel with a time-stamped record of events at the site.

A console server that supports reverse, outbound SSH connections can provide technical support personnel with a secure, versatile tool for communicating with devices at remote sites that would otherwise be inaccessible. In addition to providing access to console port command functions like other console servers, a console server with SSH Hosting capabilities also allows technicians to communicate with remote devices on secure LANs via network when outside network access isn’t available.

Reverse SSH simplifies the process of communicating with individual devices at remote sites for routine communication and maintenance needs and also enable NOC personnel to deal with unresponsive devices and other problems at network equipment installations without the hassles and expenses of physical service calls or truck rolls.

For more information or a free, live demo, please contact WTI.