Secure SSH Tunneling and SDT Connector | Black Box 1101, 1102

Chapter 6: Secure SSH Tunneling and SDT Connector

Figure 6-37. Set destination.

If your destination computer is serially connected to the console server, set the Destination as <port label>:3389. For example, if the Label you specified on the serial port on the console server is win2k3, then specify the remote host as win2k3:3389. Or, you can set the Destination as portXX:3389 (where XX is the SDT enabled serial port number). For example, if port 2 is on the console server is to carry the RDP traffic, then specify port02:3389.

NOTE: http://www.jfitz.com/tips/putty_config.html has useful examples on configuring PuTTY for SSH tunneling.

Select Local and click the Add button.

Click Open to SSH connect the Client PC to the console server. You will now be prompted for the Username/Password for the console server user.

Figure 6-38. Enter username and password.

If you are connecting as a User in the “users” group, then you can only SSH tunnel to Hosts and Serial Ports where you have specific access permission.

If you are connecting as an Administrator (in the “admin” group), then you can connect to any configured Host or Serial Ports (that has SDT enabled).

To set up the secure SSH tunnel for a HTTP browser connection to the Managed Device, specify port 80 (instead of port 3389 that was used for RDP) in the Destination IP address.

To set up the secure SSH tunnel from the Client (Viewer) PC to the console server for VNC, follow the steps above, but when you configure the VNC port redirection, specify port 5900 in the Destination IP address.

724-746-5500 blackbox.com

65

Image 65

Black Box 1101, Secure Device Servers, 1102 manual Secure SSH Tunneling and SDT Connector

Contents

1102 Secure Device Servers 1102 Secure Device Servers FCC and IC RFI Statements Normas Oficiales Mexicanas NOM Electrical Safety Statement Trademarks Used in this Manual Table of Contents Add a New Alert Local Authentication Tacacs AuthenticationSMS Alerts Snmp Alerts 107 106108 110 PowerMan Tool Installing the Key and CertificatePmpower Tool Fingerprinting Specifications Specifications Types of Users Overview 2.1 IntroductionManual Organization Hardware Description 2.5.1 LES1101A Front Panel OverviewManagement Console 2 LES1101A Back Panel Number Component Description DB9 connectorEthernet Connectivity LED RJ-45 Ethernet Activity LED left side of connector Ethernet Connectivity LED Number Component Description Barrel connector PowerLED right side of connector Ethernet Activity LED 3 LES1102A Front Panel 2 LES1102A What’s Included1 LES1101A Installation InstallationPower Connection Network Connection Non RS-232 Serial Port Pinouts- LES1102A +3V Non RS-232 Serial Port Pinouts- LES1101ARX+ TX+ +VIN TX + Management Console Connection System ConfigurationConnected PC/Workstation Setup Browser connection System Configuration Administrator Password Network IP Address IPv6 configuration System Services System Services screen SDT connector SSH encrypted SDT ConnectorCommunications Software Forwarded to SSHTerm PuTTY Configure Serial Ports Serial Port, Host, Device, and User Configuration Common Settings Serial Port, Host, Device, and User Configuration Console Server Mode Serial Port, Host, Device, and User Configuration 1102 Secure Device Servers SDT Mode Serial Bridging Mode Device RPC, UPS, EMD ModeTerminal Server Mode Local Ethernet LAN LES1102A COM port Syslog Add/ Edit Users Serial Port, Host, Device, and User Configuration Network Hosts Authentication Serial Port Redirection Trusted Networks LES1102A Retail data systems Managed Devices Serial Port, Host, Device, and User Configuration LES1102A Serial Connected Secure SSH Tunneling and SDT ConnectorSecure Local Configuring for SSH Tunneling to Hosts Secure SSH Tunneling and SDT ConnectorSDT Connector Client Configuration SDT Connector installation 1102 Secure Device Servers Secure SSH Tunneling and SDT Connector Make an SDT Connection through the Gateway to a Host Manually Adding Hosts to the SDT Connector Gateway 10. Clients Manually Adding New Services to the New Hosts 1102 Secure Device Servers Adding a Client Program to be Started for the New Service 16. Telnet client Click OK 17. Edit SDT host screen SDT Connector to Management Console 1102 Secure Device Servers Secure SSH Tunneling and SDT Connector Importing and Exporting Preferences SDT Connector Public Key Authentication Setting up SDT for Remote Desktop Access 23. Remote Desktop Users dialog box Configure the Remote Desktop Connection Client Geometry width x height or 70% screen percentage Use -p to receive password promptComputer, enter the appropriate IP Address and Port Number SDT SSH Tunnel for VNC For Linux servers and clients Install, Configure, and Connect the VNC Viewer 30. VNC authentication 1102 Secure Device Servers 33. Incoming TCP/IP properties Set up SDT Serial Ports on Console Server Address of port01. Then select the RDP Service check box SSH Tunneling Using other SSH Clients for example, PuTTY 1102 Secure Device Servers Secure SSH Tunneling and SDT Connector 1102 Secure Device Servers Alerts and Logging Configure SMTP/SMS/SNMP/Nagios Alert ServiceAlerts and Logging Email Alerts Select Alerts & Logging Snmp SMS AlertsSnmp Alerts Activate Alert Events and Notifications Nagios Alerts Add a New Alert Configuring General Alert Types Serial port signal alert This alert type monitors UPSes, RPCs, and power devices Configuring Power Alert Type Network TCP or UDP Port Logging Remote Log StorageSerial Port Logging 1102 Secure Device Servers Power Management Power ManagementRemote Power Control RPC RPC Connection 1102 Secure Device Servers User Power Management RPC Access Privileges and Alerts Turn on Turn OFF Cycle Status Uninterruptible Power Supply Control UPSRPC Status Serial, USB, or Network Connections Managed Managed UPS Connections Click Add Managed UPS As Device Type UPS and clicking Apply Power Management Remote UPS Management UPS Status Controlling UPS Powered ComputersUPS Alerts 12. Log table Overview of Network UPS Tools NUT Refer to 1102 Secure Device Servers Authentication Configuration AuthenticationLocal Authentication Tacacs Authentication Enter the Server Password Radius Authentication RADIUS/TACACS User Configuration Ldap Authentication Pamtacplus PAM Pluggable Authentication ModulesPamldap Radius Example SSL certificates screen SSL Certificate Confirm Challenge Password Challenge PasswordCommon name Organizational Unit Upload button Nagios Overview LES1102A Network Managed hosts ServicesNagios Integration Distributed console servers Black Box console servers Central Management and Setting Up SDT for NagiosNagios Integration Setup Distributed Console Servers Setup Central Nagios Server Description enter Administrator connection Select Users & Groups from the Serial & Network menu Configuring Nagios Distributed MonitoringEnable Nagios on the Console Server Enable Nsca Monitoring Enable Nrpe MonitoringLES1102A Serial Check Nagios Tunneled SSH LES1102A Sendncsa Program/script Nagios Configure the Upstream Nagios Monitoring Host Configure Selected Serial Ports for Nagios MonitoringConfigure Selected Network Hosts for Nagios Monitoring Commandname checkserialstatus Commandline Commandname checknrpedaemon CommandlineDefine service Hostname Server Use Generic-service Server Use Generic-service Define service Servicedescription port-log-serverActivechecksenabled Passivechecksenabled Checkportlog Number of Supported Devices Basic Nagios Plug-Ins Distributed Monitoring Usage Scenarios Using Nagios in a local office Remote site Remote site with restrictive firewall System Management System Administration and Reset System Management Upgrade Firmware Configuration Backup Configure Date and Time 109 Select the Status Port Access Port Access and Active UsersStatus Reports Statistics Support Reports Status Reports Select Status Syslog Dashboard Configure dashboard screen Configuring the Dashboard Echo table Creating Custom Widgets for the Dashboard Management ManagementDevice Management Port and Host Logs Select Manage Terminal Serial Port Terminal Connection Select Manage Power Accessing config from the Command Line Configuration from the Command Line Config tool Configuration from the Command Line# config -g config.users.user1.description # config -g config Serial Port Configuration SDT mode Device Mode Serial bridge mode Terminal server modeSyslog settings Adding and Removing Users # config -r users # ./delete-node config.users.user2 # config -a # config -g config.groups.totalAdding and Removing User Groups # rmuser Group7 # config -r auth List of remote authentiction and authorization servers# config -g config.sdt.hosts.total # config -s config.sdt.hosts.total=4 # config -g config.devices.total Log level for services# config -hosts # config -g config.portaccess.total # config -r cascade # config -s config.cascade.slaves.total=1Cascaded Ports UPS Connections # config -d config.ups.monitors.monitor1 # config -s config.ups.monitors.total=1RPC Connections Remote UPSes To configure serial/network port logging # config -d config.devices.device8Port Log To delete the above managed device Signal Alert General settings for all alertsAlerts Connection Alert Power Sensor Alert UPS Power Status Alert# config -r alerts Smtp and SMS Snmp AdministrationIP Settings Date and Time Settings Dhcp Server Services# config -r time Prefer Nrpe over Nsca Disabled defaults to Disabled Enable SDT for Nagios ext Enabled SDT gateway addressTo configure Nrpe with following settings Nrpe port Nagios Bin/sh /etc/scripts/alert-email $suffix Advanced Configuration! # ./delete-node config.users.user3 Echo Warning $TOTALNODE greater than number of items NEWTOTAL=$ $TOTAL # loop indefinitely While true do Add the following line to rc.local Etc/config/scripts/config-post # configUsage /etc/scripts/backup-usb Command File # /etc/scripts/backup-usb check-magic Etc/config/pmshell-start.sh #!/bin/sh PORT=$1 USER=$2 Config --set config.system.snmp.trapport2=162 Config --set config.system.snmp.address2=w.x.y.zTo set the Manager Address field To set the Community field Snmp version 1 and 2c only $&% ! $& ! $&$ #$! Chown fred /etc/config/users/fred/.ssh/authorizedkeys#$ $ mkdir keys $ ssh-keygen -t rsa Http//openssh.org/portable.html OpenSSH Windows http//sshwindows.sourceforge.net/download ! Http//www openbsd.org/cgi-bin/man.cgi?query=sshd # ssh remhost Ab7e33bd85505a430be0bd433f1ca5f8 Offending key in /.ssh/knownhosts1 Client Keys Uploading Keys Authorized Keys !$ % +- ! !! #$ #$! #% #% Target Specification Powerstrip IdName or ID of the device support/idPowerstrip Pport PpasswordTargetaddress Username # #%& Appendix A. Linux Commands and Source Code Appendix a Linux Commands and Source CodeAdd a group or add an user to a group Add an user GNU Bourne-Again Shell Reboot LoginIp6tables Iptables-save Sleep VconfigSmbmnt Smbmount 164