Manuals / Black Box / Computer Equipment / Server

Black Box LES1408A, LES1332A, LES144BA, LES1416A, LES1348A, LES1432A, LES1316A, LES1308A Blackbox.com

Models: LES1116A LES110BA LES1308A LES1348A LES144BA Value-Line and Advanced Console Servers LES114BA LES1432A LES1332A LES1316A LES1416A LES1208A-R2 LES1132A LES1216A-R2 LES1232A LES1248A-R2 LES1408A

1 286

Download 286 pages 6.23 Kb

Page 256

-Execute the PUTTYGEN.EXE program.

-Select the desired key type SSH2 DSA (you may use RSA or DSA) within the Parameters section.

-It is important that you leave the passphrase field blank.

-Click on the Generate button.

-Follow the instruction to move the mouse over the blank area of the program in order to create random data used by PUTTYGEN to generate secure keys. Key generation will occur once PUTTYGEN has collected sufficient random data.

-Create a new file " authorized_keys " (with notepad) and copy your public key data from the "Public key for pasting into OpenSSH authorized_keys file" section of the PuTTY Key Generator, and paste the key data to the "authorized_keys" file. Make sure there is only one line of text in this file.

-Use WinSCP to copy this "authorized_keys" file into the users home directory: e.g. /etc/config/users/testuser/.ssh/authorized_keys of the Black Box gateway which will be the SSH server. You will need to make sure this file is in the correct format with the correct permissions with the following commands:

# dos2unix \

/etc/config/users/testuser/.ssh/authorized_keys && chown testuser \ /etc/config/users/testuser/.ssh/authorized_keys

-Using WinSCP copy the attached sshd_config over /etc/config/sshd_config on the server (Makes sure public key authentication is enabled).

-Test the Public Key by logging in as "testuser" Test the Public Key by logging in as "testuser" to the client Black Box device and typing (you should not need to enter anything): # ssh -o StrictHostKeyChecking=no <server-ip>

_____________________________________________________________________

724-746-5500 blackbox.com

Page 256

Image 256

Black Box LES1408A, LES1332A, LES144BA, LES1416A, LES1348A, LES1432A, LES1316A, LES1308A, LES1232A, LES1208A-R2 Blackbox.com

Contents

Value-Line and Advanced Console Servers User’s Manual Value-Line and Advanced Console Servers Manual Blackbox.com Value-Line and Advanced Console Servers Manual Value-Line and Advanced Console Servers Manual Power connection Administrator PasswordSystem Services Management network configuration FIREWALL, Failover and OoB DIAL-IN OoB Dial-In Access Configuring for SSH Tunneling to HostsSDT Connector Client Configuration Serial Port Redirection Managed Devices IPsec VPN SDT Connector to Management Console SDT Connector Public Key AuthenticationSetting up SDT for Remote Desktop access SSH Tunneling using other SSH clients e.g. PuTTY Remote Power Control RPC Uninterruptible Power Supply Control UPSAuthentication Configuration PAM Pluggable Authentication Modules 13.4 Power Management 212 203209 213 Raw Access to Serial Ports Modifying Snmp ConfigurationSecure Shell SSH Public Key Authentication Power Strip Control Appendix Chapter Introduction This ManualManual Organization Server Management Console Types of usersConsole server Manual Conventions Publishing history Date Revision Update details Copyright Introduction Chapter InstallationModels Kit components LES1508A Console Server Blackbox.com 1 LES1508A power Power connectionKit components LES1108A Console Server 2 LES1116A, LES1132A and LES1148A power Network connection 4 LES1108A powerSerial Port connection PIN Signal Definition Direction USB Port Connection Before powering on the console server Antenna and SIM Management console connection Chapter Initial System ConfigurationIP address Browser connection Blackbox.com Administrator Password Network IP address Set up new administratorName the console server Configuration Method 1 IPv6 configuration Dynamic DNS Ddns configuration System Services Service Access Blackbox.com Message Changes to configuration succeeded Service Settings  Select the Service Settings tab on the System Services Communications Software SDT Connector PuTTY Management network configuration SSHTerm Enable the Management LAN Configure the Dhcp server  Check Enable Dhcp Server Select Failover or broadband OOB Blackbox.com Aggregating the network ports Static routes To add to the static route to the route table of the system Serial Port, Host, Device & User Configuration Configure Serial Ports Common Settings Console Server Mode Blackbox.com Blackbox.com Blackbox.com Blackbox.com SDT Mode Device RPC, UPS, EMD Mode Terminal Server Mode Serial Bridging Mode Add/ Edit Users Cisco USB console connection Admin PptpdDialin Ftp Blackbox.com Blackbox.com Authentication Network Hosts Trusted Networks  Select Serial & Network Trusted Networks Serial Port Cascading Automatically generate and upload SSH keys  Select RSA Keys and/or DSA Keys  Check Generate SSH keys automatically and click ApplyManually generate and upload SSH keys # ssh remhost Configure the slaves and their serial ports Serial Port Redirection Managing the Slaves Managed Devices  Select Serial & Network Managed Devices Add Connection IPsec VPN Enable the VPN gateway  Select IPsec VPN on the Serial & Networks menu Enable the OpenVPN  Select OpenVPN on the Serial & Networks menu Configure as Server or Client Windows OpenVPN Client and Server set up Windows client/server configuration file options are AES Blackbox.com Pptp VPN None  Click Apply Settings Add a Pptp user Set up a remote Pptp client Blackbox.com Chapter Firewall, Failover and OoB Dial Access OoB Dial-In Access Configure Dial-In PPP  Check Enable Dial-In MSCHAPv2 Using SDT Connector client Set up Windows XP/ 2003/Vista/7 client Set up earlier Windows clients OoB broadband accessSet up Linux clients for dial-in Broadband Ethernet Failover Dial-Out Failover Always-on dial-out Blackbox.com Failover dial-out Connect to the GSM HSUPA/UMTS carrier network Blackbox.com Otasp Activation Connect to the Cdma EV-DO carrier networkManual Activation Verify cellular connection Cellular modem watchdog OOB access set up Cellular failover setup  Check Enable Dial-In and configure the Dial-In Settings Cellular CSD dial-in setupCellular routing Firewall & Forwarding Configuring network forwarding and IP masquerading Manual Configuration Configuring client devicesDhcp Configuration Port forwarding  Click Add New Port Forward Firewall rules Dialout/Cellular, VPN, Network Interface, Dial-in etc  Click New Firewall RuleInterface Dialout/Cellular Port Range Interface Port RangeSource IP Destination IP Chapter Secure SSH Tunneling & SDT Connector Configuring for SSH Tunneling to Hosts SDT Connector Client Configuration SDT Connector installation  Run the set-up program Blackbox.com Blackbox.com Make an SDT connection through the gateway to a host Manually adding hosts to the SDT Connector gateway Manually adding new services to the new hosts Blackbox.com Adding a client program to be started for the new service Blackbox.com SDT Connector to Management Console Dial in configuration Blackbox.com  Click Add, then scroll to the bottom and click Apply Blackbox.com Importing and exporting preferences Pon networkconnection SDT Connector Public Key Authentication OpenSSH Windows http//sshwindows.sourceforge.net/download Setting up SDT for Remote Desktop access Configure the Remote Desktop Connection client Blackbox.com  Click Connect Option Description On a Macintosh client SDT SSH Tunnel for VNC Install, configure and connect the VNC Viewer Blackbox.com Blackbox.com Blackbox.com From  Select Allow calling computer to specify its own address Set up SDT Serial Ports on console server SSH Tunneling using other SSH clients e.g. PuTTY Blackbox.com Blackbox.com Configure Auto-Response Chapter Alerts, Auto-response Logging Blackbox.com UPS / Power Supply  Click on UPS / Power Supply as the Check Condition Check Save Auto-Response UPS Status  Click on UPS Status as the Check Condition  Click on Icmp Ping as the Check Condition Serial Login/Logout Check Save Auto-Response Cellular Data  Click on SMS Command as the Check Condition  Check Save Auto-Response SMS Command Click on Custom Check as the Check Condition Action Delay Time Send Email Send SMS Send Email alerts  Click Save New Action Select Alerts & Logging Smtp &SMS Send SMS alerts SMS via Email Gateway  Select Cellular Modem In the SMS Settings field SMS via Cellular Modem Send Snmp trap alerts  Select Alerts & Logging Snmp Logging Nagios alertsNetwork Serial Ports refer to Chapter Log storage Serial port logging Network TCP and UDP port logging Power device loggingAuto-Response event logging Remote Power Control RPC Chapter Power & Environmental ManagementRPC connection Blackbox.com Blackbox.com User power management RPC access privileges and alertsTurn on Turn OFF Cycle Status Uninterruptible Power Supply Control UPSRPC status Managed UPS connections Blackbox.com Blackbox.com Remote UPS management Controlling UPS powered computers UPS alerts Monitor managedups@192.168.0.1 1 username password slaveUPS status Overview of Network UPS Tools NUT Blackbox.com Environmental Monitoring Connecting the EMD Blackbox.com Environmental alerts Environmental status Chapter Authentication Authentication Configuration Tacacs authentication Radius authentication  Enter the Server Password Ldap authentication Blackbox.com RADIUS/TACACS User Configuration Group support with remote authentication Remote groups with Ldap authentication Remote groups with Radius authenticationNetwork Administration Group DN Remote groups with TACACS+ authentication Idle timeout Select Serial and Network Authentication Kerberos authentication PAM Pluggable Authentication Modules Authentication testing TACACS+ SSL Certificate Blackbox.com Blackbox.com Chapter Nagios Integration Central management and setting up SDT for Nagios Nagios Overview Set up central Nagios server Distributed console servers Black Box console servers Set up distributed console servers Description, for example Windows 2003 IIS Server  In Description enter Administrator connection  Select Serial Port from the Serial & Network menu Click Console server Mode, and select Logging Level  Check Nagios Nsca Configuring Nagios distributed monitoring Enable Nagios on the console serverEnabled  Select Users & Groups from the Serial & Network menu  Select System Nagios and check Nrpe Enabled Enable Nrpe monitoringEnable Nsca monitoring  Select System Nagios and check Nsca Enabled Configure Selected Serial Ports for Nagios MonitoringConfigure Selected Network Hosts for Nagios Monitoring Permitted Service Configure the upstream Nagios monitoring host Advanced Distributed Monitoring ConfigurationSample Nagios configuration Hostname Black Box Checkportlog CheckpingviaBlack Box CheckconnviaBlack Box Executionfailurecriteria SSH Port Define commandBasic Nagios plug-ins Additional plug-ins Number of supported devices Distributed Monitoring Usage Scenarios Local office II. Remote site Remote site with restrictive firewall Remote site with no network access System Administration and Reset Chapter System Management Upgrade Firmware Configure Date and Time Configuration Backup Blackbox.com Blackbox.com Delayed Configuration Commit Fips Mode  Select the System Administration menu option Port Access and Active Users  Select the Status Port AccessChapter Status Reports Statistics Support Reports Syslog Select the Status Statistics  Select Status Syslog Configuring the Dashboard Dashboard Blackbox.com Blackbox.com Creating custom widgets for the Dashboard Echo table Chapter Management Device Management Port and Host Logs Web Terminal to Command LineWeb Terminal  Check Web Terminal and click Apply SDT Connector access Select Manage Terminal Power Management  Select Manage Power Chapter Command Line Configuration Accessing config from the command line Description SyntaxOptions At /etc/config/config.xml Run=configurator# /bin/config -d element name Listed below Serial Port configuration Console server mode Device Mode Serial bridge mode # config -s config.ports.port5.mode=bridgeConfig.ports.port5.bridge.ssh.enabled=on Syslog settings # config -d config.users.user2.port1 # config -g config.users.totalAdding and Removing Users # ./delete-node config.users.user2 # config -r users# config -g config.groups.total Adding and removing user Groups # config -a # config -r auth # config -g config.sdt.hosts.total # config -s config.sdt.hosts.total=4Add power device host Add other network host # config -g config.devices.total # config -hosts# config -g config.portaccess.total Cascaded Ports UPS Connections # config -r cascadeManaged UPSes RPC Connections # config -s config.ups.monitors.total=1Remote UPSes Environmental Port Log # config -d config.devices.device8User Syslog Mail News Error General settings for all alertsSignal Alert Alerts Environmental and Power Sensor Alert UPS Power Status AlertPattern Match Alert Alarm Sensor Alert # config -r alerts# config -s config.system.smtp.server2=mail.Black Box.com Smtp & SMS IP settings AdministrationSnmp Date & Time Settings Dial-in settings # config -s config.system.timezone=US/Eastern# config -r time # config -s config.console.ppp.defaultroute=on Services Nagios Blowfish Twofish RIJNDAEL-256 Serpent Gost Chapter Advanced Configuration Using IPMItoolsCustom script to run when booting Custom Scripting Running custom scripts when alerts are triggered # dos2unix /etc/config/rc.local# cd Example script Power Cycling on Pattern Match Deleting Configuration Values from the CLIExample script Multiple email notifications on each alert Bin/sh /etc/scripts/alert-email $suffix # ./delete-node config.users.user3 Delete-node script NEWTOTAL=$ $TOTAL While $COUNTER != $TOTAL-NUMBER+1 do Power Cycle any device when a ping request fails Ping-detect script Running custom scripts when a configurator is invoked # /etc/scripts/backup-usb load filename # /etc/scripts/backup-usb listBacking-up the configuration off-box Portmanager commands Advanced PortmanagerPmshell Pmchat Signals PmusersPortmanager daemon External Scripts and Alerts Raw Access to Serial Ports Access to serial ports Etc/config/ipfilter Accessing the console/modem portIP- Filtering 15.5.1 /etc/config/snmpd.conf Modifying Snmp ConfigurationSysdescr Black Box Syscontact Adding more than one Snmp server Config --set config.system.snmp.password2=yourpassword Secure Shell SSH Public Key AuthenticationSSH Overview Installing the SSH Public/Private Keys Clustering Generating Public Keys Linux$ ssh-keygen -t rsadsa 28aa2938ba40f4115e3fd4fae53614d6 user@server Installing SSH Public Key Authentication Linux Chown fred /etc/config/users/fred/.ssh/authorizedkeys Blackbox.com Generating public/private keys for SSH Windows Blackbox.com Ab7e33bd85505a430be0bd433f1ca5f8 FingerprintingOffending key in /.ssh/knownhosts1 SSH tunneled serial bridging Client Keys Public key to refer to either idrsa.pub or iddsa.pub Authorized Keys SDT Connector Public Key Authentication Secure Sockets Layer SSL Support$ ls /home/user/keys Uploading Keys Https Generating an encryption keyOpenssl genrsa -des3 -out sslkey.pem Generating a self-signed certificate with OpenSSL Power Strip Control Installing the key and certificateLaunching the Https Server Kill -HUP `cat /var/run/inetd.pid` Target Specification PowerMan toolSynopsis Pmpower tool Powerman --on foo0,4-5Adding new RPC devices Blackbox.com IPMItool P-f password -o oemtype commandIpmitool -c-h-v-V-I lan -H hostname -p port Aauthtype CciphersuiteIinterface Lprivlvl Help Ipmitool help Ipmitool chassis power help Custom Development Kit CDKScripts for Managing Slaves Ipmitool chassis help Select Serial & Network Serial Port, Edit the serial ports Select Alerts & Logging Port LogSelect Status Support Report Appendix a Linux Commands & Source Code Blackbox.com Blackbox.com Blackbox.com Commands Sigspec -n signum -si let arg arg Appendix B Hardware Specifications Feature Value Appendix C Safety & Certifications FCC Warning Statement Read Before Using the Accompanying Software Appendix F End User License Agreement JSch License SDT Connector License Blackbox.com No Warranty Blackbox.com Blackbox.com Black Box Tech Support FREE! Live /7