Skip to main content Skip to search

Powered by Zoomin Software. For more details please contactZoomin

Creating SSH Trust

Save PDF

Share

Feedback

Print

Table of Contents

Administering Imperva SecureSphere
Introduction to the SecureSphere Administration Guide
- Intended Audience
- The Admin Workspace
- Document Conventions
Topologies and Deployment
- Choosing a Deployment
  - CPU Affinity
- Sniffing Mode
  - Sniffing Mode Topologies
- Inline Gateways
  - Bridge Deployments
    - Bridge Mode Topologies
  - Fail Safe and Fail Open Modes
- Reverse Proxy Deployments
- Features Available in Each Deployment Mode
Platforms and Installation
- Forward Compatibility
- Preparing the Appliance
- Downloading and Verifying Software
- Installing the Software on Physical Machines
  - X and M Series Appliances
    - Connecting to a X or M Series Appliance Using a Serial Console
    - Installing X and M Series Appliances From USB
  - Creating a Bootable USB Device Containing the Installation Image
- Installing the Software on Virtual Machines
- Working with Management Servers After the Installation
  - Connecting to the Management Server
- Replacing Gateways
  - Replacing a Faulty Gateway or Upgrading to a New Gateway Model
    - Replacing a Faulty Gateway or Upgrading to a New Gateway Using an Already Registered Gateway
Configuring SecureSphere
- Initial Configuration
- Automating First Time Login
- Single Sign On (SSO)
- IPv6
- SecureSphere Users
- Appliance OS
  - CLI Users
- Gateway/Management Server Appliance Initial Configuration
  - First-Time Login (Configuration)
  - Registering a Gateway
- Configuring SecureSphere Using the Command Line Tools
  - Command Line Tools and MX-HA
    - Changing MX Properties in an MX-HA Environment
    - Stopping and Starting the MX in an MX-HA Environment
- Configuring a Management Server
- Configuring a Gateway
- Configuring the Platform
- Configuring SecureSphere Routes
- Configuring Transparent Reverse Proxy
- Configuring the Management Server for High Availability
- Switching Deployments
  - Converting a Gateway to an MX
  - Changing the MX of a Gateway
- Configuring the MX to Communicate with SOM Across Borders
- Using QinQ
Gateways
- Configuring Gateways and Gateway Groups
  - Gateways
    - Gateway Details
  - Gateway Groups
    - Configuring a Reverse Proxy
- Exporting Technical Information from Gateway
Licenses
- License Overview
- Uploading Licenses
- Viewing Licenses
Users and Permissions
- Understanding Permissions
- Permissions Workflow
- Working with Roles
- Working with Users
Sessions
- Connected Users
  - Sessions
ADC
- Viewing ADC Content and Status
- Updating ADC Content
- Viewing ADC History
Job Status
- Jobs Status
- Displaying the Jobs Status Window
- Editing a Job
- Aborting a Job
- Using the Log to Analyze Jobs
- Updating Features Configurations from the Cloud
Maintenance
- Discovery Results Archive
- Exporting and Importing the Management Server
- File Explorer Maintenance
- Reports Archive
- System Events Archive
- Vulnerabilities Purge
System Definitions
- Dynamic Profiling
- Gateway Settings
  - Response Page Display in Alerts Settings
  - Large Scale Configuration
- Security and Authentication
- Management Server Settings
- User Interface Settings
- Cloud Settings
  - General Settings
System Performance
- Management Server
- Exporting Technical Information from Management Servers
- Troubleshooting Performance
  - Management Server
  - Gateways
Inter-element Communication
- Inter-element Communication Overview
- Activating Certificate-based Communication
  - Before You Begin
  - Certificate-Based Communication Wizard
- Working with Certificate-based Communication
- Registration Flows
  - MX to SOM Registration Flow
- Maintaining Inter-element Communication
- Migration
Gateway High Availability
- Layer 2 High Availability Deployments
  - At the Network Level
    - Link Aggregation (Etherchannel)
  - At the SecureSphere Level
- Layer 3 (Proxy) High Availability Deployments
  - At the Network Level
    - Load Balancer Integration
  - At the SecureSphere Level
    - Redundant Architecture (VRRP) — Configuration
- Other High Availability Deployments
Management Server High Availability (MX-HA)
- Management Server High Availability (MX-HA) Overview
- Management Server High Availability (MX-HA) Implementation
- Co-Locating Management Servers with MX-HA
- Management Server High Availability (MX-HA) Components
- Before Installing Management Server High Availability (MX-HA)
- Installing Management Server High Availability (MX-HA)
- After Installing Management Server High Availability (MX-HA)
  - Verify the Primary Server is Active
  - Register the Gateway
- Monitoring Management Server High Availability (MX-HA)
- Maintaining Management Server High Availability (MX-HA)
Network High Availability
- Network High Availability Support
- Network Interface Card (NIC) Bypass
- Configuring Network High Availability
Network Services
- SecureSphere Component Communication
- Configuring Firewall Ports
- Serial Console Access to SecureSphere
Hardware Security Modules (HSM)
- Luna Network HSM
  - Integrate Luna Network HSM with WAF Gateway
  - Working with Luna Network HSM
- nCipher Card
- nCipher netHSM
Add-Ons
- SSL Accelerator
- IPMI - 5G2U Appliances
- IPMI - 6G2U Appliances
- IPMI - 7G2U Appliances
Venafi Encryption Director Integration
- Overview of Integration of Venafi Encryption Director with SecureSphere
- Integrating the Venafi Encryption Director
Command Line Interface
- impcfg
  - Top Screen
  - impcfg Functionality Map
- impctl
- impcli
  - Sealed Mode
- Miscellaneous Commands
FIPS 140 Compliance
Management Server Disaster Recovery (MX-DR)
- Prerequisites
- Architectural Procedures
- Backup Procedure
- Recovery Procedure
PCI Compliance
- PCI Data Security Standard
  - SecureSphere and PCI DSS
- PCI Compliance
ABR Migration Tool
- How To Use
- ABR Migration Tool Clarifications
Copyright Notice
End User License and Services Agreement

HomeWAF Administration Guide...Management Server Disaster Recovery (MX-DR)Backup ProcedureCreating SSH Trust

Table of Contents

Creating SSH Trust

Also available in:
WAF v15.3
WAF v15.2
WAF v15.1
WAF v15.0
WAF v14.7
Last UpdatedMay 05, 2025
2 minute read

Creating SSH Trust

To load the configuration of the primary server onto the secondary server without having to enter a password each time, you need to create a trusted SSH connection between the two servers. This section provides the procedure for the AWS environment and for other environments.

AWS environment

To create a trusted SSH connection between the primary and secondary MX servers (on an AWS environment):

Open an SSH connection to the secondary MX server.
Login using root credentials.
Manually configure a trusted SSH root connection between the MXs.
Open an SSH connection to the primary MX server.
Login using root credentials.
Run the following command to set up the folder structure and allow the mxserver user to connect to the MX-DR:
impctl server dr create --ip=<secondary server IP address>

A confirmation message stating the connection was successfully set is displayed.
Perform the procedure described in Loading Licenses.

Other environments

To create a trusted SSH connection between the primary and secondary MX servers (on a non-AWS environment):

Open an SSH connection to the secondary MX server.
Login using root credentials.
Run the following command to enable the primary MX server to connect as root to the secondary MX server:
impctl hardening config --root-source-ip-exception=<primary server IP address>
Open an SSH connection to the primary MX server.
Login using root credentials.
Run the following command to set up the folder structure and allow the mxserver user to connect to the MX-DR:
impctl server dr create --ip=<secondary server IP address>
Type the password of the secondary MX server and hit Enter.
A confirmation message stating the connection was successfully set is displayed.
Perform the procedure described in Loading Licenses.

In This Topic

AWS environment
Other environments

Was this topic helpful?