Security Hardening
Activate/deactivate SSH access
Access control devices support SSH connections, allowing the Control iD team to perform diagnostics and remote technical support when needed. This feature facilitates maintenance and problem resolution without requiring physical intervention on the device.
By default, SSH is enabled to ensure that support can be provided whenever necessary. However, there are situations where administrators may choose to disable it, especially when there is a need to reduce the system's attack surface.
Keeping this service active can pose a security risk if credentials are compromised or vulnerabilities are exploited. In some organizations, security policies require restrictions on remote access, following regulatory guidelines or internal standards, which may make disabling SSH necessary.
Additionally, in environments where there are concerns about unauthorized access, such as locations with multiple administrators or employees who have access to the local network where the device is connected, disabling SSH can serve as an additional protection measure.
To activate or deactivate SSH access, use the same endpoint that modifies configurations and change the ssh_enabled parameter listed in the configuration parameters.
Once deactivated, SSH access can be activated again at any moment.
POST /set_configuration.fcgi
Parameters
- The parameter will be a JSON Object that contains the ssh_enabled parameter and (optionally) other parameters.
- ssh_enabled = 0 deactivates the SSH access
- ssh_enabled = 1 activates the SSH access
Response
- The response will be a JSON Object corresponding to the modified setting parameters.
Request example
Enables the beep sound and deactivates the SSH access.
$.ajax({
    url: "/set_configuration.fcgi?session=" + session,
    type: 'POST',
    contentType: 'application/json',
    data: JSON.stringify({
        general: {"beep_enabled": "1", "ssh_enabled": "0"}
    })
});
Available network resources
The table below lists every network, IP and remote access resource of the devices.
Resource | Enabled by default | Default port | Description |
---|---|---|---|
HTTP | ✔️ | 80 | Used for the embedded Web Server interface |
HTTPS/SSL | ✖️ | 443 | Secure protocol for accessing the web interface via encryption |
NTP | ✖️ | 123 | Protocol used for network-based time synchronization |
RTSP | ✖️ | 554 | Protocol for real-time audio and video streaming |
ONVIF | ✖️ | 8000 | Standard for interoperability of video surveillance devices |
SIP | ✖️ | 5060 | Protocol used for signaling in VoIP communication. Enables SIP calls |
DNS | ✔️ | 53 | System for translating domain names into IP addresses |
DHCP | ✖️ | 67/68 | Protocol for automatic IP configuration on the network |
SNMP | ✖️ | 161/162 | Protocol for monitoring and managing devices in a network |
SSH | ✔️ | 22 | Used for secure remote access to the device |
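
To confirm that a setting such as ssh_enabled = 0 has taken effect, the ports a device actually exposes can be compared with the defaults in the table above. The following Node.js sketch is an added example, not Control iD code: the function names and the `overrides` shape are hypothetical, and treating these five services as TCP is an assumption of the example.

```javascript
// Added example, not Control iD code. Defaults are copied from the table on
// this page. Assumption: these five services use TCP; the UDP-based ones are
// left out because a TCP connect cannot test them.
const TCP_DEFAULTS = [
  { name: "HTTP", port: 80, enabledByDefault: true },
  { name: "HTTPS/SSL", port: 443, enabledByDefault: false },
  { name: "RTSP", port: 554, enabledByDefault: false },
  { name: "ONVIF", port: 8000, enabledByDefault: false },
  { name: "SSH", port: 22, enabledByDefault: true },
];

// Pure comparison. `overrides` states where the site differs from the
// defaults, e.g. { SSH: false } once ssh_enabled has been set to 0.
function auditPorts(openPorts, overrides = {}) {
  const open = new Set(openPorts);
  const findings = [];
  for (const s of TCP_DEFAULTS) {
    const expected = s.name in overrides ? overrides[s.name] : s.enabledByDefault;
    if (open.has(s.port) === expected) continue;
    findings.push({ service: s.name, port: s.port,
      finding: expected ? "closed but expected open" : "open but expected closed" });
  }
  return findings;
}

// Probe one TCP port; resolves true only when the connection completes.
async function probeTcp(host, port, timeoutMs = 1500) {
  const net = await import("node:net");
  return new Promise((resolve) => {
    const sock = net.connect({ host, port });
    const done = (isOpen) => { sock.destroy(); resolve(isOpen); };
    sock.setTimeout(timeoutMs, () => done(false));
    sock.once("connect", () => done(true));
    sock.once("error", () => done(false));
  });
}

// Probe every listed port on one device and report deviations.
async function auditDevice(host, overrides = {}) {
  const open = [];
  for (const s of TCP_DEFAULTS) {
    if (await probeTcp(host, s.port)) open.push(s.port);
  }
  return auditPorts(open, overrides);
}
```

Calling `auditDevice(host, { SSH: false })` against a device you administer resolves to an empty array when port 22 is closed and the remaining ports match the table's defaults.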