We have deployed multiple Peplink 8 port 10G switches on different accounts. The HTTPS password is the one that we configure in Incontrol2->Device System Management. We were surprised to learn that the switches also have an SSH server but the password is not the same. We opened a support ticket and Peplink keeps stating that the SSH password is the same as the GUI password but it is clearly not.
Does somebody really know what the SSH password is or how to set it? We have switches exposed to the internet (switch sits between the carrier handoff and the customer HA firewall/router setup so there is no way to protect it. Please advise as it is making us extremely uncomfortable recommending these switches again if we cannot secure them (no management whitelist like it existed on the legacy switches).
Hello @Ricardo_Villa,
We have Peplink 10G SD-Switches deployed in HA mode on the WAN side, with no exposure to SSL, HTTP/HTTPS or any other switch management features.
We manage these using VLAN(s) (created in InControl2), so only the required ports for that WAN’s HA will carry those VLAN(s). If the ISP is not using VLANs, then securing the VLAN as an Access Port will work.
We then manage/monitor the Peplink SD-Switch via a secure connection on a dedicated management VLAN from the LAN side of the Peplink router.
Remember to always configure the VLAN with no InterVLAN.
When configured this way, no SSL, HTTP/HTTPS, or any other Peplink switch management will be exposed on the WAN side.
Yes, that is a practical solution if you manage all aspects of the network (LAN/WAN/Routers/Firewalls). In our case, we are the MSP and only manage the WAN. Being able to see/manage the switches in incontrol2 was attractive to our company but having to depend on the customer to setup a management VLAN for us is a huge drawback. I can’t believe there is no way to disable HTTPs/SSH or even change the SSH password on these switches.
