Manuals / Black Box / Computer Equipment / Server

Black Box LES114BA, LES1332A Serial Port Cascading, Automatically generate and upload SSH keys

Models: LES1116A LES110BA LES1308A LES1348A LES144BA Value-Line and Advanced Console Servers LES114BA LES1432A LES1332A LES1316A LES1416A LES1208A-R2 LES1132A LES1216A-R2 LES1232A LES1248A-R2 LES1408A

1 286

Download 286 pages 6.23 Kb

Page 62

Network Mask

255.255.255.255

If, however, you want to allow all the users operating from within a specific range of IP addresses (for example, any of the thirty addresses from 204.15.5.129 to 204.15.5.158) to be permitted connection to the nominated port:

Host /Subnet Address

Subnet Mask

Click Apply.

204.15.5.128

255.255.255.224

Note The above Trusted Networks will limit Users and Administrators access to the console serial ports. They do not restrict access to the console server itself or to attached hosts. To change the default settings for this access, you will to need to edit the IPtables rules as described in Chapter 14—Advanced.

4.6Serial Port Cascading

Cascaded Ports enables you to cluster distributed console servers. A large number of serial ports (up to 1000) can be configured and accessed through one IP address and managed through one Management Console. One console server, the Master, controls other console servers as Slave units and all the serial ports on the Slave units appear as if they are part of the Master.

Black Box’s clustering connects each Slave to the Master with an SSH connection. This uses public key authentication so the Master can access each Slave using the SSH key pair (rather than using passwords). This ensures secure authenticated communications between Master and Slaves, enabling the Slave console server units to be distributed locally on a LAN or remotely around the world.

4.6.1Automatically generate and upload SSH keys

To set up public key authentication, you must first generate an RSA or DSA key pair and upload them into the Master and Slave console servers. This can all be done automatically from the Master.

_____________________________________________________________________

724-746-5500 blackbox.com

Page 62

Image 62

Black Box LES114BA, LES1332A, LES1408A, LES144BA, LES1416A Serial Port Cascading, Automatically generate and upload SSH keys

Contents

Value-Line and Advanced Console Servers User’s Manual Value-Line and Advanced Console Servers Manual Blackbox.com Value-Line and Advanced Console Servers Manual Value-Line and Advanced Console Servers Manual System Services Power connectionAdministrator Password Management network configuration SDT Connector Client Configuration FIREWALL, Failover and OoB DIAL-IN OoB Dial-In AccessConfiguring for SSH Tunneling to Hosts Serial Port Redirection Managed Devices IPsec VPN Setting up SDT for Remote Desktop access SDT Connector to Management ConsoleSDT Connector Public Key Authentication SSH Tunneling using other SSH clients e.g. PuTTY Authentication Configuration Remote Power Control RPCUninterruptible Power Supply Control UPS PAM Pluggable Authentication Modules 209 13.4 Power Management 212203 213 Secure Shell SSH Public Key Authentication Raw Access to Serial PortsModifying Snmp Configuration Power Strip Control Appendix Manual Organization Chapter IntroductionThis Manual Server Console server Types of usersManagement Console Manual Conventions Publishing history Date Revision Update details Copyright Models Chapter InstallationIntroduction Kit components LES1508A Console Server Blackbox.com Kit components LES1108A Console Server Power connection1 LES1508A power 2 LES1116A, LES1132A and LES1148A power Serial Port connection 4 LES1108A powerNetwork connection PIN Signal Definition Direction USB Port Connection Before powering on the console server Antenna and SIM IP address Chapter Initial System ConfigurationManagement console connection Browser connection Blackbox.com Administrator Password Name the console server Set up new administratorNetwork IP address Configuration Method 1 IPv6 configuration Dynamic DNS Ddns configuration System Services Service Access Blackbox.com Message Changes to configuration succeeded Service Settings  Select the Service Settings tab on the System Services Communications Software SDT Connector PuTTY Management network configuration SSHTerm Enable the Management LAN Configure the Dhcp server  Check Enable Dhcp Server Select Failover or broadband OOB Blackbox.com Aggregating the network ports Static routes To add to the static route to the route table of the system Serial Port, Host, Device & User Configuration Configure Serial Ports Common Settings Console Server Mode Blackbox.com Blackbox.com Blackbox.com Blackbox.com SDT Mode Device RPC, UPS, EMD Mode Terminal Server Mode Serial Bridging Mode Add/ Edit Users Cisco USB console connection Dialin AdminPptpd Ftp Blackbox.com Blackbox.com Authentication Network Hosts Trusted Networks  Select Serial & Network Trusted Networks Serial Port Cascading Automatically generate and upload SSH keys Manually generate and upload SSH keys  Check Generate SSH keys automatically and click Apply Select RSA Keys and/or DSA Keys # ssh remhost Configure the slaves and their serial ports Serial Port Redirection Managing the Slaves Managed Devices  Select Serial & Network Managed Devices Add Connection IPsec VPN Enable the VPN gateway  Select IPsec VPN on the Serial & Networks menu Enable the OpenVPN  Select OpenVPN on the Serial & Networks menu Configure as Server or Client Windows OpenVPN Client and Server set up Windows client/server configuration file options are AES Blackbox.com Pptp VPN None  Click Apply Settings Add a Pptp user Set up a remote Pptp client Blackbox.com Chapter Firewall, Failover and OoB Dial Access OoB Dial-In Access Configure Dial-In PPP  Check Enable Dial-In MSCHAPv2 Using SDT Connector client Set up Windows XP/ 2003/Vista/7 client Set up Linux clients for dial-in OoB broadband accessSet up earlier Windows clients Broadband Ethernet Failover Dial-Out Failover Always-on dial-out Blackbox.com Failover dial-out Connect to the GSM HSUPA/UMTS carrier network Blackbox.com Manual Activation Connect to the Cdma EV-DO carrier networkOtasp Activation Verify cellular connection Cellular modem watchdog OOB access set up Cellular failover setup Cellular routing Cellular CSD dial-in setup Check Enable Dial-In and configure the Dial-In Settings Firewall & Forwarding Configuring network forwarding and IP masquerading Dhcp Configuration Configuring client devicesManual Configuration Port forwarding  Click Add New Port Forward Firewall rules Interface Dialout/Cellular Port Range  Click New Firewall RuleDialout/Cellular, VPN, Network Interface, Dial-in etc Source IP InterfacePort Range Destination IP Chapter Secure SSH Tunneling & SDT Connector Configuring for SSH Tunneling to Hosts SDT Connector Client Configuration SDT Connector installation  Run the set-up program Blackbox.com Blackbox.com Make an SDT connection through the gateway to a host Manually adding hosts to the SDT Connector gateway Manually adding new services to the new hosts Blackbox.com Adding a client program to be started for the new service Blackbox.com SDT Connector to Management Console Dial in configuration Blackbox.com  Click Add, then scroll to the bottom and click Apply Blackbox.com Importing and exporting preferences Pon networkconnection SDT Connector Public Key Authentication OpenSSH Windows http//sshwindows.sourceforge.net/download Setting up SDT for Remote Desktop access Configure the Remote Desktop Connection client Blackbox.com  Click Connect Option Description On a Macintosh client SDT SSH Tunnel for VNC Install, configure and connect the VNC Viewer Blackbox.com Blackbox.com Blackbox.com From  Select Allow calling computer to specify its own address Set up SDT Serial Ports on console server SSH Tunneling using other SSH clients e.g. PuTTY Blackbox.com Blackbox.com Configure Auto-Response Chapter Alerts, Auto-response Logging Blackbox.com  Check Save Auto-Response UPS Status UPS / Power Supply Click on UPS / Power Supply as the Check Condition  Click on UPS Status as the Check Condition  Check Save Auto-Response Cellular Data Serial Login/Logout Click on Icmp Ping as the Check Condition  Click on Custom Check as the Check Condition  Check Save Auto-Response SMS Command Click on SMS Command as the Check Condition Action Delay Time Send Email Send SMS  Select Alerts & Logging Smtp &SMS  Click Save New ActionSend Email alerts Send SMS alerts SMS via Email Gateway  Select Cellular Modem In the SMS Settings field SMS via Cellular Modem Send Snmp trap alerts  Select Alerts & Logging Snmp Network Serial Ports refer to Chapter LoggingNagios alerts Log storage Serial port logging Auto-Response event logging Power device loggingNetwork TCP and UDP port logging RPC connection Chapter Power & Environmental ManagementRemote Power Control RPC Blackbox.com Blackbox.com Turn on RPC access privileges and alertsUser power management RPC status Uninterruptible Power Supply Control UPSTurn OFF Cycle Status Managed UPS connections Blackbox.com Blackbox.com Remote UPS management Controlling UPS powered computers UPS status Monitor managedups@192.168.0.1 1 username password slaveUPS alerts Overview of Network UPS Tools NUT Blackbox.com Environmental Monitoring Connecting the EMD Blackbox.com Environmental alerts Environmental status Chapter Authentication Authentication Configuration Tacacs authentication Radius authentication  Enter the Server Password Ldap authentication Blackbox.com RADIUS/TACACS User Configuration Group support with remote authentication Network Remote groups with Radius authenticationRemote groups with Ldap authentication Administration Group DN  Select Serial and Network Authentication Remote groups with TACACS+ authenticationIdle timeout Kerberos authentication PAM Pluggable Authentication Modules Authentication testing TACACS+ SSL Certificate Blackbox.com Blackbox.com Chapter Nagios Integration Central management and setting up SDT for Nagios Nagios Overview Set up central Nagios server Distributed console servers Black Box console servers Set up distributed console servers Description, for example Windows 2003 IIS Server  Click Console server Mode, and select Logging Level  In Description enter Administrator connection Select Serial Port from the Serial & Network menu  Check Nagios Nsca Enabled Configuring Nagios distributed monitoringEnable Nagios on the console server  Select Users & Groups from the Serial & Network menu Enable Nsca monitoring Enable Nrpe monitoring Select System Nagios and check Nrpe Enabled Configure Selected Network Hosts for Nagios Monitoring  Select System Nagios and check Nsca EnabledConfigure Selected Serial Ports for Nagios Monitoring Permitted Service Sample Nagios configuration Advanced Distributed Monitoring ConfigurationConfigure the upstream Nagios monitoring host Hostname Black Box Checkportlog CheckpingviaBlack Box Basic Nagios plug-ins Executionfailurecriteria SSH Port Define commandCheckconnviaBlack Box Additional plug-ins Number of supported devices Distributed Monitoring Usage Scenarios Local office II. Remote site Remote site with restrictive firewall Remote site with no network access System Administration and Reset Chapter System Management Upgrade Firmware Configure Date and Time Configuration Backup Blackbox.com Blackbox.com Delayed Configuration Commit Fips Mode  Select the System Administration menu option Chapter Status Reports Port Access and Active Users Select the Status Port Access Statistics  Select the Status Statistics Support ReportsSyslog  Select Status Syslog Configuring the Dashboard Dashboard Blackbox.com Blackbox.com Creating custom widgets for the Dashboard Echo table Chapter Management Device Management Web Terminal Web Terminal to Command LinePort and Host Logs  Select Manage Terminal SDT Connector access Check Web Terminal and click Apply Power Management  Select Manage Power Chapter Command Line Configuration Accessing config from the command line Options SyntaxDescription # /bin/config -d element name At /etc/config/config.xmlRun=configurator Listed below Serial Port configuration Console server mode Device Mode Config.ports.port5.bridge.ssh.enabled=on Serial bridge mode# config -s config.ports.port5.mode=bridge Syslog settings Adding and Removing Users # config -g config.users.total# config -d config.users.user2.port1 # config -g config.groups.total # ./delete-node config.users.user2# config -r users Adding and removing user Groups # config -a # config -r auth Add power device host # config -g config.sdt.hosts.total# config -s config.sdt.hosts.total=4 Add other network host # config -g config.portaccess.total # config -g config.devices.total# config -hosts Cascaded Ports Managed UPSes # config -r cascadeUPS Connections Remote UPSes # config -s config.ups.monitors.total=1RPC Connections Environmental User Syslog Mail News # config -d config.devices.device8Port Log Signal Alert ErrorGeneral settings for all alerts Alerts Pattern Match Alert UPS Power Status AlertEnvironmental and Power Sensor Alert # config -s config.system.smtp.server2=mail.Black Box.com Alarm Sensor Alert# config -r alerts Smtp & SMS Snmp AdministrationIP settings Date & Time Settings # config -r time Dial-in settings# config -s config.system.timezone=US/Eastern # config -s config.console.ppp.defaultroute=on Services Nagios Blowfish Twofish RIJNDAEL-256 Serpent Gost Custom script to run when booting Chapter Advanced ConfigurationUsing IPMItools Custom Scripting # cd # dos2unix /etc/config/rc.localRunning custom scripts when alerts are triggered Example script Multiple email notifications on each alert Example script Power Cycling on Pattern MatchDeleting Configuration Values from the CLI Bin/sh /etc/scripts/alert-email $suffix # ./delete-node config.users.user3 Delete-node script NEWTOTAL=$ $TOTAL While $COUNTER != $TOTAL-NUMBER+1 do Power Cycle any device when a ping request fails Ping-detect script Running custom scripts when a configurator is invoked Backing-up the configuration off-box # /etc/scripts/backup-usb list# /etc/scripts/backup-usb load filename Pmshell Portmanager commandsAdvanced Portmanager Pmchat Portmanager daemon SignalsPmusers External Scripts and Alerts Raw Access to Serial Ports Access to serial ports IP- Filtering Accessing the console/modem portEtc/config/ipfilter Sysdescr Black Box Syscontact Modifying Snmp Configuration15.5.1 /etc/config/snmpd.conf Adding more than one Snmp server SSH Overview Secure Shell SSH Public Key AuthenticationConfig --set config.system.snmp.password2=yourpassword $ ssh-keygen -t rsadsa Installing the SSH Public/Private Keys ClusteringGenerating Public Keys Linux 28aa2938ba40f4115e3fd4fae53614d6 user@server Installing SSH Public Key Authentication Linux Chown fred /etc/config/users/fred/.ssh/authorizedkeys Blackbox.com Generating public/private keys for SSH Windows Blackbox.com Offending key in /.ssh/knownhosts1 FingerprintingAb7e33bd85505a430be0bd433f1ca5f8 SSH tunneled serial bridging Client Keys Public key to refer to either idrsa.pub or iddsa.pub Authorized Keys $ ls /home/user/keys SDT Connector Public Key AuthenticationSecure Sockets Layer SSL Support Uploading Keys Openssl genrsa -des3 -out sslkey.pem HttpsGenerating an encryption key Generating a self-signed certificate with OpenSSL Launching the Https Server Power Strip ControlInstalling the key and certificate Kill -HUP `cat /var/run/inetd.pid` Synopsis PowerMan toolTarget Specification Adding new RPC devices Powerman --on foo0,4-5Pmpower tool Blackbox.com Ipmitool -c-h-v-V-I lan -H hostname -p port P-f password -o oemtype commandIPMItool Iinterface AauthtypeCciphersuite Lprivlvl Help Ipmitool help Scripts for Managing Slaves Ipmitool chassis power helpCustom Development Kit CDK Ipmitool chassis help Select Status Support Report Select Alerts & Logging Port LogSelect Serial & Network Serial Port, Edit the serial ports Appendix a Linux Commands & Source Code Blackbox.com Blackbox.com Blackbox.com Commands Sigspec -n signum -si let arg arg Appendix B Hardware Specifications Feature Value Appendix C Safety & Certifications FCC Warning Statement Read Before Using the Accompanying Software Appendix F End User License Agreement JSch License SDT Connector License Blackbox.com No Warranty Blackbox.com Blackbox.com Black Box Tech Support FREE! Live /7