Digi TS 2/4, TS 4 manual Configuring SSH Version 2 for Secure Communication, Password Protection

Page 69

Configuring SSH Version 2 for Secure Communication

This section discusses how to configure a user to use SSH version 2 encryption.

This feature is only available for the following devices.

Device	Required Hardware	Required Firmware

Digi One TS	50000771-01A or higher	82000747a or higher

PortServer TS 2	50000771-02A or higher

PortServer TS 4	50000771-03A or higher

Password Protection

To configure simple password authentication for an SSH user, no SSH-specific configuration is required. Simply configure a user by entering the following commands:

set user name=name password=on

newpass name=name

where name is a user name

Example

set user name=ssh-user1

newpass name=ssh-user1

Using a Public Key

To enable public key authentication and to associate a public key with a user, enter the following command:

set user name=name loadkey=host:key

where

•name is the name of a user

•host is either an IP address or DNS name of a host running TFTP that holds

•key is the name of a file that contains the DSA public key. If your host’s implementation requires a complete path to the file, specify the path here as well.

Example: set user name=secure loadkey=143.191.2.34:ssh-file

Configuring Security Features

12-5

Image 69

Contents 92000307B Page Contents Configuring DNS Configuration Examples Page This Chapter IntroductionSetup Overview About Entering Commands on the Command Line About This GuideSupported Devices Other Documents in the Library Access Resource CD CardDownloading a Configuration File About Configuration MethodsLogging On As Root from the Command Line Configuration PrerequisitesAccessing the Command Line from a Telnet Session Accessing the Configuration from the Web InterfaceConfiguring the IP Address Options Options for Configuring the IP Address and MaskConfiguring the Ethernet Interface with DPA-Remote ProcedureStarting Point Configuring the IP Address Using Ping-ARP Configuring an IP Address using Dhcp and Rarp Configuring the Ethernet Interface from the Command LineManual Configuration Procedure Manual Configuration ExampleConfiguring an IP Address using Dhcp and Rarp Configuring Ports for RealPort Configuring the RealPort Software What is RealPort?Configuration Options About RealPortConfiguring Ports Web Interface Example Configuring Ports for RealPort Command LineConfiguring Ports for Printers Configuration Considerations Configuring Printer Connections Command Line Configuring Ports for Printers Web InterfaceTips for telnet and rsh Printing Related InformationConfiguring Printer Connections Command Line Configuring a Port for Direct-Access Printing Configuring a Port for Direct-Access Printing Configuring Ports for Modems Tips on Configuring a Modem Configuring Ports for Modems Web Interface Before You Begin Configuring Ports for Terminals Configuring Ports for Terminals Web Interface Configuring Ports for Terminals Command LinePort Defaults About Computer Connections Configuring Typical PC ConnectionsAbout Computer Connections Configuring Autoconnection Configuring a Port for Autoconnection Web Interface Configuring Autoconnection By Port Command LineAbout Autoconnection Configuring a User for Autoconnection Command Line Configuring a User for Autoconnection Web InterfaceConfiguring a User for Autoconnection Command Line Configuring PPP Configuring PPP Connections Web Interface Configuring Inbound PPP Connections Command Line Configuring Inbound PPP Connections Example Configuring Outbound PPP Connections Command Line Set user name=name n1=telephone-number Configuring IP Routing What is Routing Introduction to RoutingTypes of Routing About RIP Routing Updates Digi One/PortServer TS 2/4 Participation in RIP Updates Configuring Static Routes Example Route Using the Ethernet InterfaceExample Route Using a PPP Link Example Dynamic Routes Configuring Dynamic Routes Using RIPConfiguring Proxy ARP Configuring Proxy ARP Configuring Console Management Configuring Console Management Web Interface Configuring Console Management Command LineAbout Console Management Example Alternate IP Addresses Example SSH2 and Menu Access10-4 Configuring About Modbus Configuring Modbus Using the Web Interface Configuring Modbus from the Command Line 11-5 Configuring Network-Connected Masters Configuring a Port-Connected MasterExamples Configuring Security Features Default Access Restrictions Controlling Access to Inbound PortsOptions for Removing Access Restriction Procedure for Changing a Port’s Access RequirementsDefault Access Controlling Access to Outbound PortsRestricting Access to Outbound Ports Method 1 AutoconnectionIssuing User Passwords Configuring SSH Version 2 for Secure Communication Password ProtectionUsing a Public Key 12-6 Configuring DNS About the Domain Name System Configuration Procedures Procedure for Using a Name ServerProcedure for Using a Host File 13-4 Configuring Snmp About Snmp and the Digi One/PortServer TS 2/4 Agent Configuration Procedure Web Interface Configuration Procedure Command LineConfiguration Example 14-4 Configuring Users Common User Features About Configuring UsersConfiguring a User Web Interface Configuring a User Command Line Examples Managing the OS and Configuration Upgrading the OS Firmware Web Interface Prerequisite Task Upgrading the OS Firmware Command LineWhen To Use Remote Configuration Configuring Digi One/PortServer TS 2/4 from a Remote HostRules for Editing a Configuration file Copying the Configuration File to a HostCpconf fromhost=199.250.121.12cnfg-fle Resetting the Configuration to Defaults Configuration Examples Configuration Terminal Server Configuration Without RealPortConfiguration Notes IllustrationTerminal Server Configuration Using Autoconnection Terminal Server Configuration Using RealPort Digi One/PortServer TS 2/4 Troubleshooting Procedures Symptom Digi One/PortServer TS 2/4 Does Not BootAssumptions Symptom Cannot Telnet to the Digi One/PortServer TS 2/4Running Digi One/PortServer TS 2/4 Customer Diagnostics Symptom Trouble Accessing a PortTroubleshooting Tftp Problems Key to Interpreting Digi One/PortServer TS 2/4 LEDsVerifying Tftp on a Unix System Kill -1inetdPID Verifying the Digi One/PortServer TS 2/4 IP Address Checking for Duplicate IP AddressesPinging an IP Address Verifying the Network Cabling AIX Verifying the RealPort Process Verifying the RealPort ProcessHP-UX Verifying the RealPort Process Linux Verifying the RealPort ProcessWindows NT Verifying the RealPort Service Windows 2000 Verifying the RealPort ServiceSolaris Verifying the RealPort Process Digi International Bren Road East Minnetonka, MN Digi Contact Information18-12