A Zerto administrator may require ZCC access to perform network troubleshooting between tenants and cloud sites.  For this reason, we are providing an SSH key for customers to access the ZCC via SSH.  Please note that this KB applies to ZCCs that have been newly deployed on version 7.0 and above.

Note: This KB will not work for connecting to ZCCs post upgrade to 7.0 and above.


   A Zerto administrator may require ZCC access for network troubleshooting purposes.    


Starting version 7.0, the Zerto Virtual Replication installation folder will contain a sub-folder called “Secrets”. Please note that only a user account with Administrative access on the ZVM server can access this folder. 

The "Secrets" folder will contain a file named "ssh.ppk" which can be loaded into PuTTY to securely connect to the ZCC via SSH as the "root" user. 

User-added image

To connect to the ZCC, follow these steps: 

  1. Once you have located the "ssh.ppk" in the "Secrets" folder, open PuTTY which is also located at the ZVR installation folder and navigate to the "Auth" menu (Connection -> SSH -> Auth). 

 User-added image

  1. Click on the "Browse" button and load the SSH key file into PuTTY. 

  1. Navigate to the "Session" menu, enter the ZCC’s IP address in the "Host Name (or IP address)" bar, and click "Open". 

  1. Click Yes on the host’s SSH fingerprint alert 

 User-added image

  1. Use "root" as the username and press "Enter"

You should be now logged in to the ZCC. 

Network Troubleshooting:


From the ZCC to the VRAs:

To check the connection between the ZCC and the Cloud's/Tenant's VRAs, run a continuous ping followed by a Telnet over ports 4007 + 4008 to at least one VRA in each site to make sure there is no packet loss and that none of the required ports of communication are blocked.

From the VRAs to the ZCC:

First, use the following ZCC command to view the VRAs<-->ZCC port forwarding rules:

a. Type: iptables-save > iptables.txt

b. Type: less iptables.txt

Then, connect to at least one VRA (following the KB: "Connecting to a VRA via SSH") on the Cloud's site and one VRA on the Tenant's site and check the connection to the ZCC's cloud facing NIC and customer-facing NIC respectively via continuous ping and Telnet over the ports specified in the iptables.txt file for each VRA.