Manuals / Lantronix / Computer Equipment / Switch

Lantronix 900-510 SSH Keys, TACACS+ Commands, To set user group and permissions for TACACS+ users

Models: 900-510

1 280

Download 280 pages 10.49 Kb

Page 166

11: User Authentication

TACACS+ Commands

These commands for the command line interface correspond to the web page entries described above.

To configure the SLB branch office manager to use TACACS+ to authenticate users who log in via the Web, SSH, Telnet, or the console port:

set tacacs+ <one or more parameters>

Parameters:

accessoutlets <Outlet List> breakseq <1-10 Chars> clearports <Port List> dataports <Port List> encrypt <enabledisable> escapeseq <1-10 Chars> listenports <Port List> secret <TACACS+ Secret> server1 <IP Address or Name> server2 <IP Address or Name> server3 <IP Address or Name> state <enabledisable>

To set user group and permissions for TACACS+ users:

set tacacs+ group <defaultpoweradmin>

To set permissions for TACACS+ users not already defined by the user rights group:

set tacacs+ permissions <Permission List>

where

<Permission List> is one or more of nt, sv, dt, lu, ra, sk, um, dp, pc, rs, rc, dr, wb, sn, ad

To remove a permission, type a minus sign before the two-letter abbreviation for a user right.

To set a default custom menu for TACACS+ users:

set tacacs+ custommenu <Menu Name>

To view TACACS+ settings:

show tacacs+

SSH Keys

The SLB branch office manager can import and export SSH keys to facilitate shared key authentication for all incoming and outgoing SSH connections. By using a public/private key pair, a user can access multiple hosts with a single passphrase, or, if a passphrase is

SLB™ Branch Office Manager User Guide

166

Image 166

Lantronix 900-510 manual SSH Keys, TACACS+ Commands, To set user group and permissions for TACACS+ users

Contents

SLB Branch Office Manager User Guide Part Number 900-510 Revision C OctoberTechnology Drive Irvine, CA 92618, USA Toll Free Phone Fax Lantronix, Inc Corporate HeadquartersTechnical Support May SeptemberOctober Table of Contents Command Line Interface Typical InstallationsIP Address Method #1 Using the Front Panel Display IP Filter Commands RoutingTypical Setup Scenarios for the SLB Device Device Ports SettingsPower Outlets NFS and SMB/CIFSAudit Log Diagnostics Connection ConfigurationLocal and Remote Users Local/Remote User Settings NISIntroduction to Commands Application Examples 206206 Accessing the Bootloader Bootload CommandsSecurity Practice Factors Affecting Security 213Chapter Summaries About This GuidePurpose and Audience Remaining chapters in this guide includeAdditional Documentation OperationFeatures OverviewMeets Needs of Branch Offices Typical Equipment BenefitsTypes of Business SLB088411-01 ModelsSLB088412-01 System Features SLB 8 FrontConfiguration Options Access ControlPower Outlet Control Protocols SupportedApplication Example Hardware Features SLB hardware includes the followingSerial Connections Device Port ConnectionsNetwork Connections PC Card InterfaceInstallation What’s in the BoxTechnical Specifications Product Information LabelPhysical Installation To install the SLB branch office manager in a rackConnecting a Terminal Connecting to a Device PortConnecting to a Network Port To connect to a device portTo connect a terminal Connecting to a Power SourceConnecting Devices to Power Outlets To avoid the possibility of noise due to arcingConnecting Devices to the 8-Port Ethernet Switch Typical InstallationsTo connect devices to the unmanaged Ethernet switch SLB Installation Using the Integrated Ethernet Switch Methods of Assigning an IP Address Quick SetupIP Address DetectorBefore You Begin Method #1 Using the Front Panel DisplayFront Panel LCD Display and Pushbuttons To enter setup information Entering the SettingsNavigating Quick Setup To use the LCD display to restore factory default settings Method #2 Quick Setup on the WebRestoring Factory Defaults To complete the Quick SetupNetwork Settings Date & Time Settings Sysadmin Password/ Retype Administrator SettingsTo save your entries, click the Apply button Configure Eth1 Method #3 Quick Setup on the Command Line InterfaceTo complete the command line interface Quick Setup script Enter the following information at the promptsSpecifying SysadminPassword Date/TimeNext Step To logout, type logout at the prompt and press EnterWeb and Command Line Interfaces Web InterfaceApply Button Port, Switch, and Power Outlet BarLogout Button Tabs Options Port Number Bar Icons Help ButtonLogging off LoggingWeb Page Help To log out of the SLB command line interface Command Line InterfaceTo log in to the SLB command line interface Logging outCommands have the following format Command SyntaxActions and Category Options For general command line Help, type Command Line HelpTips General CLI Commands Basic Parameters RequirementsEth1 and Eth2 Settings To enter settings for one or both network portsEth 1 and/or Eth2 SettingsEth 1 and/or Eth IPv6 AddressGateway Ethernet Counters Hostname & Name ServersNetwork Commands IP Filter Viewing IP FiltersAdministrator can add, edit, delete, and map IP filters Configuring IP FiltersTo enable IP filters Enabling IP FiltersRuleset Name Rule ParametersTo add an IP filter Example FILTER-2Deleting an IP Filter Updating an IP FilterMapping a Rule Set To delete a mapping IP Filter CommandsTo map a rule set to a network interface To set IP filter mappingDynamic Routing To configure routing settingsRouting Static RoutingEquivalent Routing Commands To configure static or dynamic routingTo configure SSH, Telnet, and Logging settings ServicesSystem Logging and Other Services SSH/Telnet/LoggingEnter the following settings System LoggingTelnet Phone Home Audit LogTo save, click the Apply button Enable Agent Enable TrapsCommunities VersionV3 Read-Write User SNMP, SSH, Telnet, and Logging CommandsV3 Read-Only User Range is 1-500 KbytesServices To view current services To configure NFS and SMB/CIFS NFS and SMB/CIFSSMB/CIFS Share NFS MountsEnter the following for up to three directories To mount a remote NFS share NFS and SMB/CIFS CommandsTo view NFS share settings To unmount a remote NFS shareTo view SMB/CIFS settings Secure Lantronix NetworkServices Services Network Search Secure LantronixManually Entered IP Address List provides a list of IP Date and Time Secure Lantronix Network CommandsTo set the local date, time, and time zone Enable NTP ChangeTo view the local date, time, and time zone Date and Time CommandsSynchronize via To view NTP settings Device Ports Connection MethodsPermissions Global Port SettingsDevice Status Telnet/SSH/TCP in Port Numbers To set up Telnet, SSH, and TCP port numberingStarting Telnet Port To configure a specific port Global CommandsClick the Apply button to save the settings To set limits on direct connectionsTo view global settings for device ports Device Ports SettingsTo configure settings for all or a group of device ports To open the Device Ports SettingsDevice Ports IP Settings To enter device port settingsData Settings Hardware Signal Triggers Modem SettingsModem Settings Text Mode Modem Settings PPP Mode Restart Delay Port Status and CountersPassword for logging into the SLP power manager To enter SLP commandsSLP Login User ID for logging into the SLP power manager SLP Status/InfoSLP Commands Device Port Sensorsoft DeviceDevice Port Commands To configure a single port or a group of portsDevice Ports To view a list of all device port names Device CommandsTo view the settings for one or more device ports To view the modes and states of one or more device portsSlp infeedstatus Interacting with a Device PortTo connect to a device port to monitor it Local Logging  To escape from the connect listen command, press any keyDevice Ports Logging Endpoint is onePC Card Logging NFS File LoggingEmail/SNMP Notification Local Logging Sylog LoggingTo set logging parameters Email/SNMP Traps NFS File Logging PC Card Logging Logging CommandsTo configure logging settings for one or more device ports Syslog LoggingTo clear the local log for a device port Console PortTo set console port parameters Change the following as desired Console Port CommandsConnecting Click the Apply button to save the changesTo view console port settings Power OutletsTo configure console port settings To configure a power outletView or enter the following information for each outlet To view power outlet settings Power Outlet CommandsTo configure and control power outlets Host ListsHost List Name Host ParametersHost List Id view Retry CountEscape Sequence To view or update a host list Host List Commands To delete a host listTo move a host entry to a new position in the host list To add a new host entry to a list or edit an existing entryTo display the members of a host list To set up PC Card storage in the SLB device PC CardsUnmount Storage SettingsEnter the following settings for the selected PC Card FormatTo enter modem settings for a PC Card FilesystemEnter or view the following StateData Settings D2 &c1 E1 Q0GSM/GPRS Settings Isdn SettingsGSM Global System for Mobile communication Text Mode PPP ModeTelnet Port IP SettingsService RangeTo format a Compact Flash card To view a directory listing of a Compact Flash cardTo unmount a Compact Flash card To rename a file on a Compact Flash cardTo configure a currently loaded PC Card modem PC Card Modem CommandsRemoves a file on a Compact Flash card SLB Branch Office Manager User Guide 124 Connections Remote Access Server Typical Setup Scenarios for the SLB DeviceTerminal Server Multiport Device Server Reverse Terminal ServerConsole Server SLB Branch Office Manager User Guide 128 To create a connection Connection ConfigurationData Flow SSH Out Options TriggerWhere SSH flags is one or more of user Login Name Connection CommandsTo view, update, or disconnect a current connection To configure initial timeout for outgoing connectionsTo monitor a device port To display details for a single connection To terminate a bidirectional or unidirectional connectionTo view connections and their IDs To display global connectionsUser Authentication ExampleNIS Network Ldap LightweightDirectory Access InformationAuthentication Commands To set ordering of authentication methodsTo set password requirements for local users To enable local and/or remote usersLocal and Remote Users To add, edit, or delete a user Local/Remote User SettingsLocal User Passwords To add a userData Ports Enter the following information for the userListen Ports Clear PortAt Login AccessOutlets Enable for Password ChangeWeb Access Users plus Networking , Date/Time , Reboot & ShutdownFull Administrative ConfigurationTo edit a local user To change the sysadmin passwordShortcut To add a user based on an existing user To delete a local userTo enable or disable authentication of local users Local Users CommandsTo set whether a complex login password is required To set a login password for the local userTo view settings for all users or a local user Local User Rights CommandsRemote User Commands To block lock out a users ability to logClick the User Authentication tab and select the NIS option To view settings for all remote usersTo remove a remote user Broadcast for NIS Enable NISNIS Domain NIS Master ServerSelect or clear the checkboxes for the following rights Access OutletsClear Port Buffers NIS Commands ShutdownTo view NIS settings To set a default custom menu for NIS usersTo set group and permissions for NIS users Enable Ldap Base Bind PasswordRetype Password Bind NameSelects Reboot & Shutdown Reports Web AccessTo view Ldap settings Ldap CommandsTo set a default custom menu for Ldap users To set user group and permissions for Ldap usersRadius Server #1 Port Enable RadiusRadius Server #1 1812 Server #1 SecretSLB Branch Office Manager User Guide 156 Radius Commands Kerberos To set a default custom menu for Radius usersTo view Radius settings To set user group and permissions for Radius usersEnable Kerberos RealmKDC Port KDC IP AddressUse Ldap SLB Branch Office Manager User Guide 161 To set a default custom menu for Kerberos users Kerberos CommandsTo set user group and permissions for Kerberos users To view Kerberos settings TACACS+TACACS+ Servers Enable TACACS+Secret SLB Branch Office Manager User Guide 165 To view TACACS+ settings TACACS+ CommandsTo set a default custom menu for TACACS+ users SSH KeysImported Keys Exported KeysImported Keys SSH Host & User Associated with KeyHost & Login for Import Exported Keys SSH OutTo view or delete a key Host and Login for ExportTo view, reset, or import SSH RSA1, RSA, And DSA host keys Export viaHost Key Reset to DefaultView or enter the following Import Host KeySSH Commands To import an SSH keyTo export a key To reset defaults for all or selected host keysTo delete a key To display SSH keys that have been imported Custom User Menu CommandsCustom User Menus To display SSH keys that have been exportedTo assign a custom user menu to a local or remote user To set the optional title for a menuExample SLB Branch Office Manager User Guide 177 SLB Branch Office Manager User Guide 178 SLB Maintenance Maintenance and OperationTo configure settings General Welcome BannerSLB Firmware Boot Banks Configuration ManagementTo manage configuration files To view, reset, import, or change an SSL Certificate Firmware & Configurations Web SessionsFirmware & Configurations SSL Certificate To view or terminate current web sessionsImport SSL If desired, enter the followingCertificate Certificate FilenameTo set up an SLB iGoogle gadget IGoogle GadgetsTo add welcome, login, and logout banners Administrative CommandsTo reboot the SLB device To prepare the SLB branch office manager to be powered offTo view current timeout and all active web sessions To enable or disable iGoogle Gadget web contentTo configure the timeout for web sessions To update SLB firmware to a new revisionTo view FTP settings To view keypad settingsTo restore the SLB device to factory default settings System Logs SLB Branch Office Manager User Guide 191 Select to Lantronix Tech Support Audit Log System Log CommandTo clear one or all of the system logs Diagnostics Netstat Select DiagnosticsARP Table Host LookupSend Packet SLB Branch Office Manager User Guide 197 To resolve a host name into an IP address Diagnostic CommandsTo display a report of network connections To verify that the host is up and runningTo generate and send Ethernet packets Status/ReportsTo display all network traffic, applying optional filters View Report View ReportSLB Branch Office Manager User Guide 201 Status Commands EventsThere is no default Response is one Events CommandsTrigger is one Snmp Trap OIDTo delete an event To update event definitionsTo view events SLB Branch Office Manager Configuration Application ExamplesChange the baud to 57600 and disable flow control Telnet/SSH to a Remote DeviceConnect to the device port Dial-in Text Mode to a Remote DeviceReboot the SUN server View messages from the SUN server consoleConnect to the SUN Unix server using the direct command ConnectLocal Serial Connection to Network Device via Telnet SLB Branch Office Manager User Guide 211 Command Reference Introduction to CommandsCommand Reference Admin banner logout Administrative CommandsAdmin banner login Admin banner showAdmin config restore Admin config deleteAdmin config factorydefaults Admin config saveAdmin firmware copybank Admin config showAdmin firmware bootbank Admin firmware showAdmin ftp show Admin ftp passwordAdmin ftp server Admin keypadAdmin reboot Admin lcd resetAdmin quicksetup Admin shutdownAdmin web certificate show Admin web certificateAdmin web certificate reset Admin web gadgetAudit Log Commands Authentication CommandsShow user Kerberos CommandsShow auth Set kerberosDefault is Ldap CommandsDisplays Kerberos settings Show kerberosShow ldap Local Users CommandsDisplays Ldap settings Set localusers addeditSet localusers allowreuse Set local users complexpasswordsSet localusers maxloginattempts Set localusers stateSet localusers periodwarning Set localusers passwordSet localusers periodlockout Set localusers reusehistorySet nis NIS CommandsDisplays NIS settings Show nisSet radius Radius CommandsDisplays Radius settings Set radius serverSet tacacs+ TACACS+ CommandsUser Permissions Commands Show tacacs+Set localusers permissions Set localusers lockSet localusers unlock Set remoteusers addeditShow remoteusers Set remoteusers listonlyauthSet remoteusers delete Set nisldapradiuskerberostacacs+ groupSet cli terminallines CLI CommandsSet cli Displays the rights of the currently logged-in userSet history Connection CommandsShow cli Show historyConnect direct Connect terminate Connect global outgoingtimeoutConnect listen deviceport Connect unidirectionShow connections connid Console Port CommandsShow connections Set consoleportSet localusers Custom User Menu CommandsShow consoleport Set menu addSet nisldapradiuskerberostacacs+ custommenu Date and Time CommandsSet menu delete Show menuShow datetime Device CommandsSet command Set ntpDevice Port Commands Set deviceport portScript that initializes a modem Show deviceport global Set deviceport globalShow deviceport names Diagnostic Commands Diag nettrace Diag internalsDiag netstat Diag lookupDisplays system information for the SLP power manager End Device CommandsXferdatasize Size In Kbytes to Transfer Default is 1 Kbyte Diag tracerouteAdmin events delete Events CommandsAdmin events add Admin events editSet hostlist addedit Host List Name Host List CommandsAdmin events show Set hostlist addedit Host List Name entrySet ipfilter state Set hostlist deleteShow hostlist Set ipfilter mappingLogging Commands Sets IP filter rulesSet locallog clear Network CommandsShow locallog Set networkSet network host Set network dnsSet network gateway Set network portNFS and SMB/CIFS Commands Set cifs Set cifs passwordSet nfs unmount Show cifsPC Card Storage Commands PC Card Modem Commands Pccard modemSet power outlet Power CommandsSet power alarmthreshold ExampleShow power Routing CommandsSet power switchingdelay Set routingServices Commands Set servicesDisplays current services SLB Network CommandsShow services Set slcnetworkSet sshkey all export SSH Key CommandsShow slcnetwork Set sshkey deleteSet sshkey server import Set sshkey server resetShow sshkey export Show sshkey server Status CommandsShow sshkey import Displays host keys public key onlyShow sysstatus System Log CommandsShow sysconfig Show syslogShow syslog clear Clears one or all of the system logsBootload Commands BootloaderAccessing the Bootloader User CommandsDisplays information about the current user Administrator CommandsPrints bootloader variables Sends a ping request to the network hostSecurity Practice Security ConsiderationsFactors Affecting Security Safety Information Safety PrecautionsRack FusesPort Connections Adapters and Pinouts RJ45 RJ45 DB25 Female DB9 Male RJ45 DB9 Female Use PN 200.2070A adapter with a PCs serial portGnd DSR CTSProtocol Glossary NMS Network Management System PAP Password Authentication ProtocolRadius Remote Authentication Dial-In User Service NTP Network Time ProtocolTACACS+ Terminal Access Controller Access Control System TelnetProduct Names SLB Branch Office Manager SLB Series Compliance InformationManufacturer’s Name & Address FCC Notice U.S. Only Industry Canada Notice Canada OnlyRoHS Compliance Additional Agency Approvals and CertificationsManufacturer’s Contact RoHS Notice