Disabling Secure Terminal

Rationale

The Secure Terminal server on IGEL OS is a network service providing a TLS/SSL-encrypted Telnet session.
This service is not required for normal IGEL OS 12 management, which is handled via the Universal Management Suite (UMS).
Disabling it reduces the number of active network services and therefore decreases the system’s attack surface.

Instructions

By default, the Secure Terminal is not active. If you want to deactivate it at any time, follow these steps:

1. In IGEL Setup, go to System > Remote Access > Secure Terminal.

2. Deactivate Secure Terminal.

3. Click Save.

In the UMS Console, you can enable logging of users who have accessed the Secure Terminal:
UMS Administration > Global Configuration > Remote Access.

Using SSH Securely

An OpenSSH server is included in the IGEL OS 12 base system but is not running by default.
SSH is not required for normal device management, which is handled via the Universal Management Suite (UMS).
However, SSH can be useful for debugging or automation tasks, such as running interactive sessions or executing commands remotely.

Instructions

1. In IGEL Setup, go to System > Remote Access > SSH.

2. Activate Enable to start the SSH server.

3. Leave Permit empty passwords deactivated.

4. Leave Permit administrator login deactivated.

5. Allow User Access for the user, who can execute commands with standard (non-administrative) privileges.

6. Deny User Access for ruser.

7. Leave Permit X11 forwarding deactivated.

8. (Optional) Under Hosts, specify a comma-separated list of allowed DNS names or IP addresses.
   You can also leave the asterisk (*) to allow all hosts (not recommended for secure environments).

9. Click Save.