Black Box Secure Device Servers, 1102, 1101 manual

1101 and 1102 Secure Device Servers

Figure 5-6. PuTTY Configuration screen.

PuTTY can be downloaded at http://www.tucows.com/preview/195286.html

SSH: We recommend that you use SSH as the protocol where the User or Administrator connects to the console server (or connects through the console server to the attached serial consoles) over the Internet or any other public network. This will provide authenticated SSH communications between the SSH client program on the remote user’s computer and the console server, so the user’s communication with the serial device attached to the console server is secure.

For SSH access to the consoles on devices attached to the console server serial ports, you can use SDT Connector. Configure SDT Connector with the console server as a gateway, then as a host, and enable SSH service on Port (3000 + serial port #) i.e. 3001-3002. Chapter 6—Secure Tunneling has more information on using SDT Connector for SSH access to devices that are attached to the console server serial ports.

You can also use common communications packages, like PuTTY or SSHTerm to SSH connect directly to port address IP Address _ Port (3000 + serial port #), for example, 3001–3002.

SSH connections can be configured using the standard SSH port 22. Identify the the serial port that’s accessed by appending a descriptor to the username. This syntax supports:

<username>:<portXX> <username>:<port label> <username>:<ttySX> <username>:<serial>

For a User named “fred” to access serial port 2, when setting up the SSHTerm or the PuTTY SSH client, instead of typing username = fred and ssh port = 3002, the alternate is to type username = fred:port02 (or username = fred:ttyS1) and ssh port = 22.

Or, by typing username=fred:serial and ssh port = 22. A port selection option appears to the User:

Figure 5-7. Port Selection option.

This syntax enables Users to set up SSH tunnels to all serial ports with only opening a single IP port 22 in their firewall/gateway.

30	724-746-5500 blackbox.com

Image 30

Black Box Secure Device Servers, 1102, 1101 manual

Contents

1102 Secure Device Servers 1102 Secure Device Servers Normas Oficiales Mexicanas NOM Electrical Safety Statement FCC and IC RFI Statements Trademarks Used in this Manual Table of Contents Local Authentication Tacacs Authentication SMS Alerts Snmp AlertsAdd a New Alert 108 106107 110 Pmpower Tool Installing the Key and CertificatePowerMan Tool Fingerprinting Specifications Specifications Overview 2.1 Introduction Manual OrganizationTypes of Users Overview Management ConsoleHardware Description 2.5.1 LES1101A Front Panel Ethernet Connectivity LED Number Component Description DB9 connector2 LES1101A Back Panel RJ-45 Ethernet Activity LED right side of connector Ethernet Activity LED Number Component Description Barrel connector PowerLED left side of connector Ethernet Connectivity LED 3 LES1102A Front Panel What’s Included 1 LES1101A2 LES1102A Power Connection InstallationInstallation Network Connection Non RS-232 Serial Port Pinouts- LES1102A RX+ TX+ +VIN Non RS-232 Serial Port Pinouts- LES1101A+3V TX + System Configuration Connected PC/Workstation SetupManagement Console Connection System Configuration Browser connection Administrator Password Network IP Address System Services IPv6 configuration System Services screen Communications Software SDT ConnectorSDT connector SSH encrypted Forwarded to PuTTY SSHTerm Serial Port, Host, Device, and User Configuration Configure Serial Ports Serial Port, Host, Device, and User Configuration Common Settings Console Server Mode Serial Port, Host, Device, and User Configuration 1102 Secure Device Servers SDT Mode Device RPC, UPS, EMD Mode Terminal Server ModeSerial Bridging Mode Syslog Local Ethernet LAN LES1102A COM port Add/ Edit Users Serial Port, Host, Device, and User Configuration Authentication Network Hosts Trusted Networks Serial Port Redirection Managed Devices LES1102A Retail data systems Serial Port, Host, Device, and User Configuration Secure SSH Tunneling and SDT Connector Secure LocalLES1102A Serial Connected SDT Connector Client Configuration Secure SSH Tunneling and SDT ConnectorConfiguring for SSH Tunneling to Hosts SDT Connector installation 1102 Secure Device Servers Secure SSH Tunneling and SDT Connector Manually Adding Hosts to the SDT Connector Gateway Make an SDT Connection through the Gateway to a Host Manually Adding New Services to the New Hosts 10. Clients 1102 Secure Device Servers Adding a Client Program to be Started for the New Service 16. Telnet client Click OK SDT Connector to Management Console 17. Edit SDT host screen 1102 Secure Device Servers Secure SSH Tunneling and SDT Connector SDT Connector Public Key Authentication Importing and Exporting Preferences Setting up SDT for Remote Desktop Access Configure the Remote Desktop Connection Client 23. Remote Desktop Users dialog box Use -p to receive password prompt Computer, enter the appropriate IP Address and Port NumberGeometry width x height or 70% screen percentage SDT SSH Tunnel for VNC For Linux servers and clients Install, Configure, and Connect the VNC Viewer 30. VNC authentication 1102 Secure Device Servers 33. Incoming TCP/IP properties Set up SDT Serial Ports on Console Server SSH Tunneling Using other SSH Clients for example, PuTTY Address of port01. Then select the RDP Service check box 1102 Secure Device Servers Secure SSH Tunneling and SDT Connector 1102 Secure Device Servers Alerts and Logging Configure SMTP/SMS/SNMP/Nagios Alert ServiceAlerts and Logging Email Alerts SMS Alerts Snmp AlertsSelect Alerts & Logging Snmp Nagios Alerts Activate Alert Events and Notifications Configuring General Alert Types Add a New Alert Serial port signal alert Configuring Power Alert Type This alert type monitors UPSes, RPCs, and power devices Remote Log Storage Serial Port LoggingNetwork TCP or UDP Port Logging 1102 Secure Device Servers Remote Power Control RPC Power ManagementPower Management RPC Connection 1102 Secure Device Servers RPC Access Privileges and Alerts User Power Management Uninterruptible Power Supply Control UPS RPC StatusTurn on Turn OFF Cycle Status Managed UPS Connections Serial, USB, or Network Connections Managed As Device Type UPS and clicking Apply Click Add Managed UPS Power Management Remote UPS Management Controlling UPS Powered Computers UPS AlertsUPS Status Overview of Network UPS Tools NUT 12. Log table Refer to 1102 Secure Device Servers Local Authentication AuthenticationAuthentication Configuration Tacacs Authentication Radius Authentication Enter the Server Password Ldap Authentication RADIUS/TACACS User Configuration Pamldap PAM Pluggable Authentication ModulesPamtacplus Radius Example SSL Certificate SSL certificates screen Common name Challenge PasswordConfirm Challenge Password Organizational Unit Upload button LES1102A Network Managed hosts Services Nagios IntegrationNagios Overview Central Management and Setting Up SDT for Nagios Nagios IntegrationDistributed console servers Black Box console servers Setup Central Nagios Server Setup Distributed Console Servers Description enter Administrator connection Configuring Nagios Distributed Monitoring Enable Nagios on the Console ServerSelect Users & Groups from the Serial & Network menu LES1102A Serial Check Nagios Enable Nrpe MonitoringEnable Nsca Monitoring Tunneled SSH LES1102A Sendncsa Program/script Nagios Configure Selected Serial Ports for Nagios Monitoring Configure Selected Network Hosts for Nagios MonitoringConfigure the Upstream Nagios Monitoring Host Define service Commandname checknrpedaemon CommandlineCommandname checkserialstatus Commandline Hostname Server Use Generic-service Activechecksenabled Passivechecksenabled Define service Servicedescription port-log-serverServer Use Generic-service Checkportlog Basic Nagios Plug-Ins Number of Supported Devices Using Nagios in a local office Remote site Distributed Monitoring Usage Scenarios Remote site with restrictive firewall System Administration and Reset System Management Upgrade Firmware System Management Configure Date and Time Configuration Backup 109 Status Reports Port Access and Active UsersSelect the Status Port Access Statistics Status Reports Support Reports Dashboard Select Status Syslog Configuring the Dashboard Configure dashboard screen Creating Custom Widgets for the Dashboard Echo table Device Management ManagementManagement Port and Host Logs Serial Port Terminal Connection Select Manage Terminal Select Manage Power Configuration from the Command Line Accessing config from the Command Line # config -g config.users.user1.description Configuration from the Command LineConfig tool # config -g config Serial Port Configuration Device Mode SDT mode Syslog settings Terminal server modeSerial bridge mode Adding and Removing Users # ./delete-node config.users.user2 # config -r users Adding and Removing User Groups # config -g config.groups.total# config -a # rmuser Group7 # config -g config.sdt.hosts.total List of remote authentiction and authorization servers# config -r auth # config -s config.sdt.hosts.total=4 # config -hosts Log level for services# config -g config.devices.total # config -g config.portaccess.total Cascaded Ports # config -s config.cascade.slaves.total=1# config -r cascade UPS Connections RPC Connections # config -s config.ups.monitors.total=1# config -d config.ups.monitors.monitor1 Remote UPSes Port Log # config -d config.devices.device8To configure serial/network port logging To delete the above managed device Alerts General settings for all alertsSignal Alert Connection Alert # config -r alerts UPS Power Status AlertPower Sensor Alert Smtp and SMS Administration IP SettingsSnmp Date and Time Settings Services # config -r timeDhcp Server To configure Nrpe with following settings Nrpe port Enable SDT for Nagios ext Enabled SDT gateway addressPrefer Nrpe over Nsca Disabled defaults to Disabled Nagios Advanced Configuration ! Bin/sh /etc/scripts/alert-email $suffix # ./delete-node config.users.user3 NEWTOTAL=$ $TOTAL Echo Warning $TOTALNODE greater than number of items Add the following line to rc.local# loop indefinitely While true do Usage /etc/scripts/backup-usb Command File # configEtc/config/scripts/config-post # /etc/scripts/backup-usb check-magic Etc/config/pmshell-start.sh #!/bin/sh PORT=$1 USER=$2 To set the Manager Address field Config --set config.system.snmp.address2=w.x.y.zConfig --set config.system.snmp.trapport2=162 To set the Community field Snmp version 1 and 2c only $& ! $&$ $&% ! #$ Chown fred /etc/config/users/fred/.ssh/authorizedkeys#$! $ mkdir keys $ ssh-keygen -t rsa Http//openssh.org/portable.html ! Http//www openbsd.org/cgi-bin/man.cgi?query=sshdOpenSSH Windows http//sshwindows.sourceforge.net/download Ab7e33bd85505a430be0bd433f1ca5f8 # ssh remhost Offending key in /.ssh/knownhosts1 Client Keys Authorized Keys Uploading Keys +- ! !$ % !! #% #$! #$ #% Target Specification Powerstrip IdName or ID of the device support/id Powerstrip Targetaddress PpasswordPport Username #%& # Add a group or add an user to a group Add an user Appendix a Linux Commands and Source CodeAppendix A. Linux Commands and Source Code GNU Bourne-Again Shell Ip6tables LoginReboot Iptables-save Smbmnt VconfigSleep Smbmount 164