- Discovery MR750 3.0T System Service Methods
- 5690009-2EN Revision 4
- 00000018WIA3049D060GYZ
- id_20291331.6
- Oct 11, 2021 6:34:13 PM
SSH hardening changes for MR 29 and later
SSH hardening changes for MR 29 and later.
Due to the increased security hardening of the SSH features, users who want to access the system remotely using SSH will now have to establish a secured connection using SSH keys.
SSH allows for the secure access of a system remotely over a non-secure network. Remote access allows for remote execution of system services and direct access to the file system. Due to the nature of allowing remote execution and file system access, securing this method of access is important.
As of software version DV29.0 and later, the security of accessing the system remotely has been hardened to block user and password login attempts. Additionally, Port 22 is blocked and not available for use. Instead, access is granted to the system using SSH keys.
Remote access
To access the system remotely, a site network/IT administrator must establish secure network SSH keys. Only after establishing the SSH keys will remote operations become available. These SSH keys will be generated on another machine and transferred to the system to establish secure connection.
The customer IT must generate a pair of private/public SSH keys. When a key has been generated, it must be manually installed using USB to the MR System to begin remote access.
The key is transferred even when upgrading from an older SW with a save/restore onto newer software.
Port 22 is closed for SSH and is not available for access.
New keys will not take effect until after the Target/Bay is rebooted. Please plan to get these generated before you actually need to access a system.
Port 22 for SSH can be implemented along with the user and password login on the MR scanner; however, this not the preferred option and not a recommended method for establishing SSH access. For information on establishing connection over Port 22, see Establishing the SSH Port.