Http//openssh.org/portable.html | Black Box 1101, 1102 guide

Chapter 15: Advanced Configuration

MasterLES1102A

	Slave				Slave


						LES1102A
	LES1101A					LES1102A
	LES1101A

authorized_key			id_rsa
ssh-rsa		---BEGIN RSA				authorized_key
AAAAB3NzaC1yC2Efg4+t		PRIVATE KEY----				authorized_key
GHIAAA==name@client1		MIBogIDAAKCAQEA		ssh-rsa
		yIPGsNf5+aOLnPUMc		AAAAB3NzaC1yC2Efg4+t
		nujXXPGIQGyD3b79		GHIAAA==name@client1

KZg3UZMjZI525sCy

Opv4TjTvTK6a7QIYt

GYTByUdl

id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2Efg4+tGHIAAA==name@client1

Figure 15-1.

If the Black Box device selected to be the server will only have one client device, then the authorized_keys file is simply a copy of the public key for that device. If one or more devices will be clients of the server, then the authorized_keys file will contain a copy of all of the public keys. RSA and DSA keys may be freely mixed in the authorized_keys file. For example, assume we already have one server, called bridge_server, and two sets of keys, for the control_room and the plant_entrance:

$ls /home/user/keys control_room control_room.pub plant_entrance plant_entrance.pub $ cat /home/user/keys/control_room.pub /home/user/keys/plant_entrance.pub > /home/user/keys/authorized_keys_bridge_server

Master

LES1102A

id_dsa

-----BEGIN DSA

PRIVATE KEY----

MIIBugBAAKBgQCR kixjJ0SKuiREXTM xDPFp9HqBvEg7Ww9 oynY4QNiXj1YU7T 871TLQiAhn3yp72Wy 7Z5C3sLF8o46Go

ssh-dsa AAAAB3NzaZr+OV01C8gdgz XDg==name@client2

		Master


		LES1102A

			id_rsa
LES1102A			id_rsa
LES1102A		-----BEGIN DSA
		PRIVATE KEY----
		PRIVATE KEY----
		MIIEogIBAAKCAQEA
		yIPGsNf5+a0LnPUMc
		nujXXPGiQGyD3b79
		KZf3UZ4MjZI525sCy
		Opv4TjTvTK6e8QIYt
		GYTByUdI

ssh-rsa AAAAB3NzaC1yc2Efg4+tG HIAAA==name@client1

authorized_keys ssh-rsa AAAAB3NzaC1yc2Efg4+IGHI ssh-dss AAAAB3NzaZr+OV01C8gdgz XDg==name@client2

Figure 15-2.

More documentation on OpenSSH can be found at:

http://openssh.org/portable.html

724-746-5500 blackbox.com

149

Image 149

Black Box 1101, Secure Device Servers, 1102 manual Http//openssh.org/portable.html

Contents

1102 Secure Device Servers 1102 Secure Device Servers FCC and IC RFI Statements Normas Oficiales Mexicanas NOM Electrical Safety Statement Trademarks Used in this Manual Table of Contents Add a New Alert Local Authentication Tacacs AuthenticationSMS Alerts Snmp Alerts 107 106108 110 PowerMan Tool Installing the Key and CertificatePmpower Tool Fingerprinting Specifications Specifications Types of Users Overview 2.1 IntroductionManual Organization Hardware Description 2.5.1 LES1101A Front Panel OverviewManagement Console 2 LES1101A Back Panel Number Component Description DB9 connectorEthernet Connectivity LED RJ-45 Ethernet Activity LED left side of connector Ethernet Connectivity LED Number Component Description Barrel connector PowerLED right side of connector Ethernet Activity LED 3 LES1102A Front Panel 2 LES1102A What’s Included1 LES1101A Installation InstallationPower Connection Network Connection Non RS-232 Serial Port Pinouts- LES1102A +3V Non RS-232 Serial Port Pinouts- LES1101ARX+ TX+ +VIN TX + Management Console Connection System ConfigurationConnected PC/Workstation Setup Browser connection System Configuration Administrator Password Network IP Address IPv6 configuration System Services System Services screen SDT connector SSH encrypted SDT ConnectorCommunications Software Forwarded to SSHTerm PuTTY Configure Serial Ports Serial Port, Host, Device, and User Configuration Common Settings Serial Port, Host, Device, and User Configuration Console Server Mode Serial Port, Host, Device, and User Configuration 1102 Secure Device Servers SDT Mode Serial Bridging Mode Device RPC, UPS, EMD ModeTerminal Server Mode Local Ethernet LAN LES1102A COM port Syslog Add/ Edit Users Serial Port, Host, Device, and User Configuration Network Hosts Authentication Serial Port Redirection Trusted Networks LES1102A Retail data systems Managed Devices Serial Port, Host, Device, and User Configuration LES1102A Serial Connected Secure SSH Tunneling and SDT ConnectorSecure Local Configuring for SSH Tunneling to Hosts Secure SSH Tunneling and SDT ConnectorSDT Connector Client Configuration SDT Connector installation 1102 Secure Device Servers Secure SSH Tunneling and SDT Connector Make an SDT Connection through the Gateway to a Host Manually Adding Hosts to the SDT Connector Gateway 10. Clients Manually Adding New Services to the New Hosts 1102 Secure Device Servers Adding a Client Program to be Started for the New Service 16. Telnet client Click OK 17. Edit SDT host screen SDT Connector to Management Console 1102 Secure Device Servers Secure SSH Tunneling and SDT Connector Importing and Exporting Preferences SDT Connector Public Key Authentication Setting up SDT for Remote Desktop Access 23. Remote Desktop Users dialog box Configure the Remote Desktop Connection Client Geometry width x height or 70% screen percentage Use -p to receive password promptComputer, enter the appropriate IP Address and Port Number SDT SSH Tunnel for VNC For Linux servers and clients Install, Configure, and Connect the VNC Viewer 30. VNC authentication 1102 Secure Device Servers 33. Incoming TCP/IP properties Set up SDT Serial Ports on Console Server Address of port01. Then select the RDP Service check box SSH Tunneling Using other SSH Clients for example, PuTTY 1102 Secure Device Servers Secure SSH Tunneling and SDT Connector 1102 Secure Device Servers Alerts and Logging Configure SMTP/SMS/SNMP/Nagios Alert ServiceAlerts and Logging Email Alerts Select Alerts & Logging Snmp SMS AlertsSnmp Alerts Activate Alert Events and Notifications Nagios Alerts Add a New Alert Configuring General Alert Types Serial port signal alert This alert type monitors UPSes, RPCs, and power devices Configuring Power Alert Type Network TCP or UDP Port Logging Remote Log StorageSerial Port Logging 1102 Secure Device Servers Power Management Power ManagementRemote Power Control RPC RPC Connection 1102 Secure Device Servers User Power Management RPC Access Privileges and Alerts Turn on Turn OFF Cycle Status Uninterruptible Power Supply Control UPSRPC Status Serial, USB, or Network Connections Managed Managed UPS Connections Click Add Managed UPS As Device Type UPS and clicking Apply Power Management Remote UPS Management UPS Status Controlling UPS Powered ComputersUPS Alerts 12. Log table Overview of Network UPS Tools NUT Refer to 1102 Secure Device Servers Authentication Configuration AuthenticationLocal Authentication Tacacs Authentication Enter the Server Password Radius Authentication RADIUS/TACACS User Configuration Ldap Authentication Pamtacplus PAM Pluggable Authentication ModulesPamldap Radius Example SSL certificates screen SSL Certificate Confirm Challenge Password Challenge PasswordCommon name Organizational Unit Upload button Nagios Overview LES1102A Network Managed hosts ServicesNagios Integration Distributed console servers Black Box console servers Central Management and Setting Up SDT for NagiosNagios Integration Setup Distributed Console Servers Setup Central Nagios Server Description enter Administrator connection Select Users & Groups from the Serial & Network menu Configuring Nagios Distributed MonitoringEnable Nagios on the Console Server Enable Nsca Monitoring Enable Nrpe MonitoringLES1102A Serial Check Nagios Tunneled SSH LES1102A Sendncsa Program/script Nagios Configure the Upstream Nagios Monitoring Host Configure Selected Serial Ports for Nagios MonitoringConfigure Selected Network Hosts for Nagios Monitoring Commandname checkserialstatus Commandline Commandname checknrpedaemon CommandlineDefine service Hostname Server Use Generic-service Server Use Generic-service Define service Servicedescription port-log-serverActivechecksenabled Passivechecksenabled Checkportlog Number of Supported Devices Basic Nagios Plug-Ins Distributed Monitoring Usage Scenarios Using Nagios in a local office Remote site Remote site with restrictive firewall System Management System Administration and Reset System Management Upgrade Firmware Configuration Backup Configure Date and Time 109 Select the Status Port Access Port Access and Active UsersStatus Reports Statistics Support Reports Status Reports Select Status Syslog Dashboard Configure dashboard screen Configuring the Dashboard Echo table Creating Custom Widgets for the Dashboard Management ManagementDevice Management Port and Host Logs Select Manage Terminal Serial Port Terminal Connection Select Manage Power Accessing config from the Command Line Configuration from the Command Line Config tool Configuration from the Command Line# config -g config.users.user1.description # config -g config Serial Port Configuration SDT mode Device Mode Serial bridge mode Terminal server modeSyslog settings Adding and Removing Users # config -r users # ./delete-node config.users.user2 # config -a # config -g config.groups.totalAdding and Removing User Groups # rmuser Group7 # config -r auth List of remote authentiction and authorization servers# config -g config.sdt.hosts.total # config -s config.sdt.hosts.total=4 # config -g config.devices.total Log level for services# config -hosts # config -g config.portaccess.total # config -r cascade # config -s config.cascade.slaves.total=1Cascaded Ports UPS Connections # config -d config.ups.monitors.monitor1 # config -s config.ups.monitors.total=1RPC Connections Remote UPSes To configure serial/network port logging # config -d config.devices.device8Port Log To delete the above managed device Signal Alert General settings for all alertsAlerts Connection Alert Power Sensor Alert UPS Power Status Alert# config -r alerts Smtp and SMS Snmp AdministrationIP Settings Date and Time Settings Dhcp Server Services# config -r time Prefer Nrpe over Nsca Disabled defaults to Disabled Enable SDT for Nagios ext Enabled SDT gateway addressTo configure Nrpe with following settings Nrpe port Nagios Bin/sh /etc/scripts/alert-email $suffix Advanced Configuration! # ./delete-node config.users.user3 Echo Warning $TOTALNODE greater than number of items NEWTOTAL=$ $TOTAL # loop indefinitely While true do Add the following line to rc.local Etc/config/scripts/config-post # configUsage /etc/scripts/backup-usb Command File # /etc/scripts/backup-usb check-magic Etc/config/pmshell-start.sh #!/bin/sh PORT=$1 USER=$2 Config --set config.system.snmp.trapport2=162 Config --set config.system.snmp.address2=w.x.y.zTo set the Manager Address field To set the Community field Snmp version 1 and 2c only $&% ! $& ! $&$ #$! Chown fred /etc/config/users/fred/.ssh/authorizedkeys#$ $ mkdir keys $ ssh-keygen -t rsa Http//openssh.org/portable.html OpenSSH Windows http//sshwindows.sourceforge.net/download ! Http//www openbsd.org/cgi-bin/man.cgi?query=sshd # ssh remhost Ab7e33bd85505a430be0bd433f1ca5f8 Offending key in /.ssh/knownhosts1 Client Keys Uploading Keys Authorized Keys !$ % +- ! !! #$ #$! #% #% Target Specification Powerstrip IdName or ID of the device support/idPowerstrip Pport PpasswordTargetaddress Username # #%& Appendix A. Linux Commands and Source Code Appendix a Linux Commands and Source CodeAdd a group or add an user to a group Add an user GNU Bourne-Again Shell Reboot LoginIp6tables Iptables-save Sleep VconfigSmbmnt Smbmount 164