Phone Lines icon GFI Support Home Start a conversation Sign in
Start a conversation
  1. KerioControl
  2. KerioControl - Administration
  3. Articles

Accessing Kerio Control's Shell Using SSH

Overview

This article provides the steps required to access Kerio Control's shell using Secure Shell (SSH). This is helpful when you need to perform general troubleshooting, specifically on network issues in Kerio Control. By default, SSH access is disabled in out of the box installations of Kerio Control.

To access Kerio Control's server shell remotely, you need a client program, like PuTTY. If you are using Linux or Mac, you can open a secure shell tunnel using the Terminal app.
In the default traffic rules configuration, Kerio Control allows remote login only from the Trusted/Local network.

 

 

Solution

  1. Log in to the Kerio Control administration interface.
  2. While holding the Shift button on your keyboard, navigate to Status > System Health.
  3. Enable SSH by clicking the Enable SSH button.
     
    enable_ssh.png
  4. Confirm security warning by clicking Yes.

    ssh3.png
  5. Click OK to close the informational window.

    ssh4.png
  6. In your secure shell program, open a new connection to Kerio Control's server address. The command for Linux/macOS is ssh root@<control_ip_address>, i.e. ssh root@10.10.10.1

    Note: IP address varies depending on the Network configuration.

  7. When asked for the credentials, enter root for login as and your local administrator password for root's password.

    Screen_Shot_2019-08-16_at_4.47.03_PM.png

Common issues when working with SSH

No matching host key found

One of the most common issues when working with SSH is the error:

Unable to negotiate with <IP ADDRESS> port 22, no matching host key type found. Their offer: ssh-rsa

It can be fixed in 2 ways:

  1. Immediate Fix via Command Line

    Add these parameters to your SSH command to temporarily enable legacy algorithms:

    ssh -oHostKeyAlgorithms=+ssh-rsa -oPubkeyAcceptedAlgorithms=+ssh-rsa user@host

    This forces the client to accept ssh-rsa for both host verification and key authentication

  2. Permanent Configuration

    Add these settings to ~/.ssh/config for the specific host:

    Host your-server-alias
  HostKeyAlgorithms +ssh-rsa
  PubkeyAcceptedAlgorithms +ssh-rsa

    Replace your-server-alias with the Kerio Control IP address used for SSH connection. This ensures compatibility without modifying every command

Testing

 To test the SSH you can perform the following actions for example:

Identifying Kerio Control Webadmin URL from SSH

  1. Run ls command and check if the admin.url is listed or not.

    ssh1.png
      
  2. If listed, then run nano admin.url. The Kerio Control administration URL will be displayed.

    ssh2.png

 

Displaying Linux Kernel Module Information

  1. Navigate to the wireless network drivers directory.
     
    cd /lib/modules/3.16.0-k4-kerio-amd64/kernel/drivers/net/wireless/ath
     
  2. Run the modinfo command for the necessary driver (i.e., ath10k_pci).

    modinfo ath10k_pci

    linux_kernel.png
       

Back to top

 

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted
  3. Updated

Comments