Lantronix XN Security Settings, SSH Settings, SSH Server Host Keys, RSS Settings Description

Page 66

10: Security Settings

The PremierWave XN device supports Secure Shell (SSH) and Secure Sockets Layer (SSL). SSH is a network protocol for securely accessing a remote device. SSH provides a secure, encrypted communication channel between two hosts over a network. It provides authentication and message integrity services.

Secure Sockets Layer (SSL) is a protocol that manages data transmission security over the Internet. It uses digital certificates for authentication and cryptography against eavesdropping and tampering. It provides encryption and message integrity services. SSL is widely used for secure communication to a web server. SSL uses certificates and private keys.

Note: The device supports SSLv3 and its successors, TLS1.0 and TLS1.1. An incoming SSLv2 connection attempt is answered with an SSLv3 response. If the initiator also supports SSLv3, SSLv3 handles the rest of the connection.

SSH Settings

SSH is a network protocol for securely accessing a remote device over an encrypted channel. This protocol manages the security of internet data transmission between two hosts over a network by providing encryption, authentication, and message integrity services.

Two instances require configuration: when the PremierWave is the SSH server and when it is an SSH client. The SSH server is used by the CLI (Command Mode) and for tunneling in Accept Mode. The SSH client is for tunneling in Connect Mode.

To configure the PremierWave as an SSH server, there are two requirements:

Defined Host Keys: both private and public keys are required. These keys are used for the Diffie-Hellman key exchange (used for the underlying encryption protocol).

Defined Users: these users are permitted to connect to the PremierWave SSH server.

SSH Server Host Keys

The SSH Server Host Keys are used by all applications that play the role of an SSH Server. Specifically Tunneling in Accept Mode. These keys can be created elsewhere and uploaded to the device or automatically generated on the device.

If uploading existing keys, take care to ensure the Private Key will not be compromised in transit. This implies the data is uploaded over some kind of secure private network.

Note: Some SSH Clients require RSA Host Keys to be at least 1024 bits in size.

 

Table 10-1 SSH Server Host Keys

 

 

RSS Settings

Description

 

 

Private Key

Enter the path and name of the existing private key you want to upload. In

 

WebManager, you can also browse to the private key to be uploaded. Be sure the

 

private key will not be compromised in transit. This implies the data is uploaded over

 

some kind of secure private network.

 

 

PremierWave XN User Guide

66

Page 65 Page 67
Image 66
Page 65 Page 67
Contents XN User Guide Contacts WarrantyCopyright & Trademark DisclaimerInstallation of PremierWave XN Table of ContentsUsing This Guide Using DeviceInstallerConfiguration Using Web Manager Network SettingsLine and Tunnel Settings Terminal and Host Settings Services SettingsSecurity Settings Maintenance and Diagnostics Settings Advanced Settings BridgingSecurity in Detail Branding the PremierWave XN VIP SettingsUpdating Firmware 103List of Figures PremierWave XN Product LabelList of Tables PremierWave XN User Guide Summary of Chapters Using This GuidePurpose and Audience Chapter DescriptionAdditional Documentation Document DescriptionApplications Key FeaturesIntroduction Protocol SupportAddresses and Port Numbers Troubleshooting CapabilitiesConfiguration Methods Hardware AddressProduct Information Label IP AddressPort Numbers User-Supplied Items Installation of PremierWave XNPackage Contents Hardware ComponentsSignal Strength LEDs Button pin holeRight LED PowerLeft LED SerialWlan Signal Strength Indicator at 5 GHz Wlan Signal Strength Indicator at 2.4 GHzWPS Status Indicator 10 Diagnostic LED Indications Fault Conditions Blink PatternBack Panel Wi-Fi Protected Setup WPS To Start WPSPerform the following steps to install your device Installing the PremierWave XNTo Cancel WPS To Show WPS Status13 PremierWave XN Dimensions in Millimeters mm Device Detail Summary Using DeviceInstallerAccessing PremierWave XN Using DeviceInstaller IP address was obtained dynamicallyCurrent Settings Description Configuration Using Web Manager Accessing Web ManagerTo access Web Manager, perform the following steps Device Status Web Manager Components Help AreaNavigating Web Manager Web Manager Description SeeSmartRoam Protocol StackQuery Port SyslogNetwork Interface Settings Network SettingsNetwork Interface Settings Network Interface Description SettingsTo Configure Network Interface Settings Network 1 Ethernet eth0 Description Link Settings Network Link SettingsNetwork 1 eth0 Link Settings To View Network Interface StatusNetwork 2 wlan0 Link Settings Network 2 Wlan wlan0 Description Link SettingsNetwork 2 Link Scan To Configure Network Link SettingsWlan Link Status and Scan Commands Network 2 Link Scan Results on WebManagerTo View Wlan Link Scan and Status Information Network 2 Link StatusWlan Link Status Description Wlan Profiles To Configure Wlan ProfilesWlan Profile Basic Settings Description Creating, Deleting or Enabling Wlan ProfilesTo Configure Wlan Profile Basic Settings Wlan Profile Basic SettingsTo Configure Wlan Profile Advanced Settings Wlan Profile Advanced SettingsWlan Profile Advanced Settings Description 10 Wlan Profile Security Settings Wlan Profile Security SettingsTo Configure Wlan Profile Security Settings Wlan Profile Description Security Settings11 Additional WEP Settings for Wlan Profile Wlan Profile WEP SettingsTo Configure Wlan Profile WEP Settings Wlan Profile WEP Settings DescriptionWlan Profile WPA Description WPA2 Settings Wlan Profile WPA and WPA2/IEEE802.11i Settings12 Wlan Profile WPA and WPA2/IEEE802.11i Settings KeyTo Configure Wlan Profile WPA and WPA/IEEE802.11i Settings Wlan Quick Connect To Configure Wlan Quick ConnectWlan Quick Connect Description Settings 13 Wlan Quick ConnectLine Configuration Settings Line and Tunnel SettingsLine Settings Line Settings DescriptionTo Configure Line Settings Line Command Mode SettingsLine Command Description Mode Settings Tunnel Serial Description Settings Line Settings Tunnel SettingsSerial Settings Line Settings to modify these settingsTunnel Packing Mode Settings To Configure Tunnel Serial SettingsPacking Mode Tunnel Serial Description SettingsSend Character To Configure Tunnel Packing Mode SettingsAccept Mode Trailing CharacterTunnel Accept Mode Settings Tunnel Accept Mode Description SettingsBlock Network To Configure Tunnel Accept Mode SettingsConnect Mode Email on ConnectReconnect Timer Tunnel Connect Mode SettingsTunnel Connect Mode Description Settings Flush Serial DataTunnel Disconnect Mode Settings To Configure Tunnel Connect Mode SettingsDisconnect Mode Tunnel Disconnect Description Mode SettingsTunnel Modem Description Emulation Settings To Configure Tunnel Disconnect Mode SettingsTunnel Modem Emulation Settings Modem EmulationTo View Tunnel Statistics To Configure Tunnel Modem Emulation SettingsStatistics Connect StringTerminal and Host Settings Terminal SettingsTerminal on Network and Line Settings To Configure the Terminal Line Connection Host ConfigurationTo Configure the Terminal Network Connection Host ConfigurationRemote Address To Configure Host SettingsSSH Username Remote PortTo View or Configure DNS Settings Services SettingsDNS Settings DNS SettingsTo Configure FTP Settings FTP SettingsSyslog Settings FTP SettingsHttp Settings Http SettingsTo View or Configure Syslog Settings Http Settings DescriptionTo Configure Http Settings Http Authentication Settings RSS SettingsTo Configure Http Authentication RSS SettingsTo Configure RSS Settings RSS Settings Description Security SettingsSSH Settings SSH Server Host KeysSSH Client Known Hosts SSH Server Authorized UsersSSH Client Known Hosts SSH Server Authorized Users Remote CommandSSH Client Users SSH Client UsersSSL Settings To Configure SSH SettingsCertificate and Key Generation Certificate and Key Generation SettingsCertificate Generation Description Settings To Create a New CredentialUpload Certificate Settings Certificate Upload SettingsTo Configure an Existing SSL Credential Upload Description Certificate SettingsTrusted Authority Settings Trusted AuthoritiesTo Upload an Authority Certificate File Display Settings Maintenance and Diagnostics SettingsFilesystem Settings File DisplayFile Modification File Modification SettingsFile Transfer Settings File TransferTo Configure IP Network Stack Settings Protocol Stack SettingsIP Settings IP Network Stack SettingsARP Settings Icmp SettingsTo Configure Icmp Network Stack Settings To Configure ARP Network Stack SettingsTo Configure Query Port Settings Smtp SettingsTo Configure Smtp Network Stack Settings Query Port SettingsIP Sockets DiagnosticsHardware To View Hardware Information To View the List of IP SocketsTo Ping a Remote Host Ping Settings10 Traceroute Settings TracerouteLog To Configure the Diagnostic Log Output11 Log Settings MemoryTo View Process Information ThreadsProcesses To View Thread Information12 System Settings System SettingsTo Reboot or Restore Factory Defaults System Settings DescriptionTo View, Configure and Send Email Advanced SettingsEmail Settings Email ConfigurationTo View and Configure Basic CLI Settings Command Line Interface SettingsBasic CLI Settings CLI Configuration SettingsTelnet Settings To Configure Telnet SettingsSSH Settings SSH SettingsXML Exporting Configuration XML SettingsXML Export Configuration XML Export Configuration Description SettingsXML Export Status To Export Configuration in XML FormatXML Export Status Description Settings To Export in XML FormatImport Configuration from the Filesystem XML Import ConfigurationImport Configuration from External File To Import Configuration in XML FormatBridging Configuration To configure and enable bridgingBridging Bridge Settings Bridge ConfigurationTo View or Configure Bridge Settings Wlan Profile WPA & WPA2 Description Settings Include in your file configgroup name=bridge instance=br0 Digital Certificates Security in DetailPublic Key Infrastructure Trusted AuthoritiesCertificate Formats Obtaining CertificatesSelf-Signed Certificates OpenSSLSteel Belted Radius Free RadiusUpdating Firmware Obtaining Firmware Loading New Firmware through FTPTo Configure VIP Settings VIP SettingsVirtual IP VIP Configuration Virtual IP VIP StatusVIP Counters Virtual IP VIP CountersTo View VIP Counters VIP Counters DescriptionBranding the PremierWave XN Web Manager CustomizationShort and Long Name Settings Short and Long Name CustomizationTo Customize Short or Long Names Appendix a Technical Support Technical Support USTechnical Support Europe, Middle East, Africa Conversion Table Appendix B Binary to Hexadecimal ConversionsConverting Binary to Hexadecimal Scientific CalculatorAppendix B Binary to Hexadecimal Conversions Appendix C Compliance Manufacturers Contact RoHS Notice
Related manuals
Manual 1 pages 1.27 Kb
Top Page Image Contents