Qualys Appliances do not offer any open ports over which remote management services might be offered. There is no Telnet, SSH, or HTTP/S access.
Under most circumstances, this is of no concern to customers. The Appliance is used via the Qualys web interface that is hosted on Qualys' infrastructure. Assuring operational readiness of the Appliance (such as installing scan engine upgrades, operating system patches, or other upgrades), is done by Qualys.
Console access to the Appliance allows customers to remotely configure the Appliance for tasks that usually require an operator to be physically present in-front of the device, such as:
- change the LAN or WAN port configuration (IP address, DNS, VLAN, etc.);
- change the HTTP/S proxy configuration (new username or password);
- obtain the ACTIVATION CODE during a remote installation.
In short: anything a user can do with the front panel LCD of the Appliance, can also be done over Console access.
With a Console Server users can make the Appliance's Console available over the network.
This article presents how to configure an Avocent Cyclades TS100 to make available the Appliance's Console over Telnet.
1) Use your web browser to access the configuration pages of the TS100
2) go to the Serial Ports configuration
3) load a CAS profile and adjust it
4) save these changes, then go and apply them
5) use your system's Telnet to access the TS100 to edit the getty.conf file
6) set getty to "off" in /etc/getty.conf
As seen in the screenshot above, you can use vi to edit the file:
Then change to:
Write the changes to disk and quit:
Logout from the TS100.
See Step (4) to re-apply the configuration.
7) Telnet to the Console Server port
Access to the console in this example is not secured - it is neither encrypted, nor subject to restricted access. It would be far better to use SSH for this with pre-shared keys.
- see the Scanner Appliance User Guide for more information on the configuration menu of the Appliance
- see also the Avocent Cyclades TS100 Manual