Lantronix EDS-MD16, EDS-MD8, EDS-MD4 manual Security Settings, SSH Settings, SSH Server Host Keys


10: Security Settings

The EDS-MD4, EDS-MD8 and EDS-MD16 devices support Secure Shell (SSH) and Secure Sockets Layer (SSL). SSH is a network protocol for securely accessing a remote device. SSH provides a secure, encrypted communication channel between two hosts over a network. It provides authentication and message integrity services.

Secure Sockets Layer (SSL) is a protocol that manages data transmission security over the Internet. It uses digital certificates for authentication and cryptography against eavesdropping and tampering. It provides encryption and message integrity services. SSL is widely used for secure communication to a web server. SSL uses certificates and private keys.

Note: The device supports SSLv3 and its successors, TLS1.0 and TLS1.1. An incoming SSLv2 connection attempt is answered with an SSLv3 response. If the initiator also supports SSLv3, SSLv3 handles the rest of the connection.

SSH Settings

SSH is a network protocol for securely accessing a remote device over an encrypted channel. This protocol manages the security of internet data transmission between two hosts over a network by providing encryption, authentication, and message integrity services.

Two instances require configuration: when the EDS-MD is the SSH server and when it is an SSH client. The SSH server is used by the CLI (Command Mode) and for tunneling in Accept Mode. The SSH client is for tunneling in Connect Mode.

To configure the EDS-MD as an SSH server, there are two requirements:

Defined Host Keys: both private and public keys are required. These keys are used for the Diffie-Hellman key exchange (used for the underlying encryption protocol).

Defined Users: these users are permitted to connect to the EDS-MD SSH server.

SSH Server Host Keys

The SSH Server Host Keys are used by all applications that play the role of an SSH server, specifically tunneling in Accept Mode. These keys can be created elsewhere and uploaded to the device, or generated automatically on the device.

If uploading existing keys, take care to ensure the Private Key will not be compromised in transit. This implies the data is uploaded over some kind of secure private network.

Note: Some SSH Clients require RSA Host Keys to be at least 1024 bits in size.
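A pre-upload check for the key-size note above, as an added example that is not part of the Lantronix manual: it parses an OpenSSH-format RSA public key line and reports the modulus size so an undersized host key is caught before it reaches the device. The function names are hypothetical, and the sample lines are constructed blobs of the right shape, not usable keys.

```python
import base64
import struct

MIN_RSA_BITS = 1024  # minimum stated in the manual's note


def _read_string(buf, off):
    """Read one SSH wire 'string' (uint32 length + bytes); return (data, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated field")
    return buf[off:off + n], off + n


def rsa_host_key_bits(pub_line):
    """Return the modulus size in bits of an 'ssh-rsa AAAA... comment' line."""
    parts = pub_line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(parts[1], validate=True)
    ktype, off = _read_string(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("key type inside blob does not match")
    _exponent, off = _read_string(blob, off)
    modulus, off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("unexpected trailing data")
    # The mpint may carry a leading zero byte; bit_length() ignores it.
    return int.from_bytes(modulus, "big").bit_length()


def acceptable(pub_line, min_bits=MIN_RSA_BITS):
    """True when the RSA host key meets the minimum size."""
    return rsa_host_key_bits(pub_line) >= min_bits


def make_sample_line(bits):
    """Constructed test input: a blob with a modulus of the given size, NOT a real key."""
    def mpint(v):
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")  # room for the sign bit
        return struct.pack(">I", len(raw)) + raw
    n = (1 << (bits - 1)) | 1
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"
```

Run `acceptable()` on the contents of the `.pub` file that belongs to the private key being uploaded; a `ValueError` means the file is not an RSA public key in OpenSSH format.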

 

Table 10-1 SSH Server Host Keys

RSS Settings | Description
Private Key | Enter the path and name of the existing private key you want to upload. In WebManager, you can also Browse to the private key to be uploaded. Be sure the private key will not be compromised in transit. This implies the data is uploaded over some kind of secure private network.

 

 
