SSH and SSL Security, Secure Shell SSH | Lantronix XPort AR manual

8: SSH and SSL Security

The XPort AR supports Secure Shell (SSH) and Secure Sockets Layer (SSL). These security protocols are configurable through the Web Manager (see SSH Settings on page 42 and SSL Settings on page 46) and Command Mode (see SSH Menu on page 103 and SSL Menu on page 106).

Note: This chapter overviews security configuration using Web Manager.

Secure Shell: SSH

SSH is a network protocol for securely accessing a remote device. This protocol provides a secure, encrypted communication channel between two hosts over a network.

To configure the SSH settings, there are two instances that require configuration: when the XPort AR is the SSH server and when it is an SSH client. The SSH server is used by the CLI (Command Mode) and for tunneling in Accept Mode. Use the SSH client for tunneling in Connect Mode.

SSH Server Configuration

To configure the XPort AR as an SSH server, there are two requirements:

Defined host keys: both private and public keys are required. They keys are used for the Diffie-Hellman key exchange (used for the underlying encryption protocol).

Defined users: these users are permitted to connect to the XPort AR’s SSH server.

To configure SSH server settings:

1.Click SSH Æ Server Host Keys from the navigation menu. The SSH Server: Host Keys page displays.

2.To configure the host keys:

a)If the keys exist, locate the Private Key and Public Key using the Browse button. Select the Key Type (RSA is more secure) and click Submit to upload the keys.

i.SSH keys may be created on another computer and uploaded to the XPort AR. To do so, use the following command using Open SSH to care a 768-bit DSA key pair:

ssh-keygen –b 768 –t dsa

XPort AR User Guide

125

Image 125

Lantronix XPort AR SSH and SSL Security, Secure Shell SSH, SSH Server Configuration, To configure SSH server settings

Contents

XPort AR User Guide Sales Offices Lantronix Corporate HeadquartersTechnical Support Contents Contents Configuration Using Telnet or Serial Port Using Email 128 Figures Tables Summary of Chapters Using This GuidePurpose and Audience Guide Additional Documentation Applications Description and SpecificationsFeatures Protocol Support Additional FeaturesConfiguration Methods Hardware Address Addresses and Port NumbersIP Address Port Numbers Product Label Product Information Label Viewing the XPort AR’s Current Configuration Using DeviceInstallerAccessing XPort AR using DeviceInstaller Web Enabled Telnet EnabledFirmware Upgradeable Supports Configurable To access Web Manager Configuration Using Web ManagerAccessing Web Manager through a Web Browser To configure the network’s general configuration Network SettingsNetwork Configuration To configure the XPort AR’s network stack protocols Protocol Stack Configuration Send RSTs ARP Timeout Clear Remove To configure the XPort AR’s PPP configuration Snmp Configuration DNS ConfigurationTo configure the XPort AR’s DNS configuration To configure Snmp To configure FTP FTP Configuration To configure Tftp Tftp Configuration IP Address Filter To configure the IP address filterQuery Port Tftp Server Line 1 Configuration Line 1, Line 2, and Line 3 SettingsTo configure the query port server To configure Line To configure Line 1’s command mode Line 1 Command Mode Tunnel 1 and Tunnel 2 Settings To configure serial settings Serial Settings To configure Tunnel 1’s connect mode Connect ModeRead Timeout Wait for Read Timeout To configure the tunnel’s accept mode Accept Mode Flush Serial Data 16. Tunnel 1 Accept Mode Packing Mode Disconnect ModeTo configure the tunnel’s disconnect mode Timeout Start and Stop Characters To configure the tunnel’s packing modeTo configure the start and stop characters mode Modem Emulation To configure modem emulation To configure the AES keys for connect mode AES Keys Connect Mode To configure the AES keys for accept mode AES Keys Accept ModeEncrypt Key Decrypt Key To configure the XPort AR’s CPs Configurable Pin ManagerCPM Configurable Pins Pin # Configured AsState Groups Name State To configure the XPort AR’s CP groupsCPM Groups Displays the CP group’s current value SSH Server’s Host Keys SSH SettingsTo configure the SSH server’s host keys SSH Server’s Authorized Users To configure the SSH server’s authorized usersBit Size Public RSA Key To configure the SSH client’s known hosts SSH Client User ConfigurationTo configure the SSH client’s users SSH Client Known Hosts Public Key Remote CommandPrivate Key To configure the XPort AR’s SSL settings SSL SettingsNew Certificate Key To configure the CLI Command Line Interface SettingsCLI Configuration To view Http statistics Http Settings To configure Http Http Configuration To configure Http authentication settings Http Authentication Auth Type Realm Import System Configuration XML ConfigurationTo configure Http RSS settings To import and apply an XML configuration Gigi … To export and store an XPort AR’s configuration Export System Configuration To configure XPort AR’s email settings Email Configuration Filesystem Configuration To browse the XPort AR’s filesystem To compact or format the XPort AR’s filesystem Directory Mode Select Ascii or Binary Local FileBrowse Source MIB2 Statistics Diagnostics ConfigurationIP Sockets To view XPort AR’s MIB2 statistics To ping a remote device or computer Host Count TimeoutPing DNS Lookup TracerouteTo use traceroute from the XPort AR To use forward or reverse DNS lookup Buffer Pools MemoryTo display memory statistics for the XPort AR To display the XPort AR’s buffer pools Processes 48. Diagnostics Buffer Pools To display the XPort AR’s hardware diagnostics System ConfigurationHardware CPU Speed Reboot Device To configure the XPort AR’s system settingsRestore Factory Defaults Upload New Firmware Accessing Command Mode Configuration Using Telnet or Serial PortUsing Telnet Using the Serial Port To view the current configuration at any level Navigating the Command Line InterfaceTo view the available commands and their explanation To return to the next level up in the menu hierarchy XPort AR CLI Level Hierarchy Root Configuration Menu Enable Menu Disable ConfigureClear query port counters Clear ssh session Line3 Reload factory defaultsNo clear interfaces counters No clear query port counters Show interfaces Show hostsShow ip sockets Show processes Chem Menu Clear log Cc email addressClear mail counters CP send cp group value No clear mail counters No ccNo cp send No file Priority very low Priority urgentReplyto email address Send Configure Menu Clear ip counters Enable passwordClear ip ssh counters Clear ip telnet counters Ip ftp password string Ip ftp enableHostname string Ip domain name string IP http max timeout seconds IP http auth user uri user passwordIP http auth type uri ssl-basic IP http auth type uri ssl-digest Ip ssh enable IP icmp enableIp tcp resets enable Ip telnet enable No ip ftp password No ip ftp enableNo clear ftp counters No clear ip ssh counters No ip ssh enable No ip icmp enableNo ip tcp resets enable No ip telnet enable No snmp-server enable No rss enableNo snmp-server enable traps No rss persistent Password string PasswordQuery-port enable Ppp Show ip Snmp-server enableShow rss Show snmp-server Interface 1 Level Menu No bootp IP default-gateway ip addressDhcp renew IP address ip address/bits Show ip address filter No ip default-gatewaySpeed Speed 10 full PPP Menu CPM Menu Enable group Disable groupGet group Set group value Device Menu Show buffer pool Short name nameShow hardware information Show memory Filesystem Menu Dump file Cp source file destination fileFormat Ls directory Tftp get ascii source file destination file host Show treeTftp get ascii source file destination file host port Tftp get binary source file destination file host Line Menu Command mode serial string string Command mode serial stringCommand mode serial string binary string Command mode signon message string No command mode echo No command modeNo command mode cp No command mode serial string Parity odd Show command modeShow line Shutdown SSH Menu Host key HostHost public private Host generate dsa Host user user password key Host user user passwordHost user user password public private No client server server SSL Menu Tunnel Menu Accept block network Accept any characterAccept block serial Accept cp set group group Accept start character Accept protocol telnetClear accept counters Clear aggregate counters Connect block network Connect any characterConnect block serial Connect cp set group group Connect protocol ssh Connect reconnect timer millisecondsConnect protocol tcp Connect protocol tcp aes Disconnect timeout number Disconnect timeoutModem echo commands Disconnect stop character Modem echo pluses Modem error unknown commandsModem numeric response codes Modem text response codes No accept port No accept keep aliveNo clear accept counters No clear aggregate counters No connect flush serial data No modem echo commandsNo connect keep alive No connect port No serial wait for read timeout No packing modePacking mode send character Packing mode timeout Serial read timeout milliseconds Packing timeout millisecondsSerial wait for read timeout milliseconds Packing threshold bytes Write Point-to-Point Protocol PPP Tunneling Connect Mode Accept Mode Packing Mode Disconnect Mode Modem Emulation Command Mode Statistics Serial Line Settings To configure SSH server settings SSH Server ConfigurationSSH and SSL Security Secure Shell SSH Secure Sockets Layer SSL SSH Client ConfigurationTo configure SSH client settings Page Smtp Configuration Using Email DNS Records Priority LevelsExtended Hello Email StatisticsPage Configurable Pins Configuration Pin ManagerTo view a CP’s configuration Type show cp To configure a group’s value To view a CP group’s configurationCP Groups Type show group namePage 11 XML XML Configuration Record Schema XML Group Example XPort AR’s schema or template, is structured as following XML Example With Multiple Named Values Configuration using XML Import-Only Groups Configure an XPort AR with XML using the following stepsXML Groups XPort AR Import and Export Groups XPort AR User Guide 139 XPort AR User Guide 140 XPort AR User Guide 141 XPort AR User Guide 142 XPort AR User Guide 143 XPort AR User Guide 144 XPort AR User Guide 145 XPort AR User Guide 146 XPort AR User Guide 147 XPort AR User Guide 148 XPort AR User Guide 149 Branding the XPort AR Command ModeWeb Manager Customization To change the XPort AR’s short and long names To upload new firmware Updating FirmwareObtaining Firmware Loading New Firmware Email eutechsupp@lantronix.com Technical Support Converting Binary to Hexadecimal Binary to Hexadecimal ConversionsConversion Table Scientific Calculator Binary to Hexadecimal Conversions Power Frequency Magnetic Field Immunity RF Common Mode Conducted SusceptibilityManufacturer’s Name & Address Radiated and conducted emissions Warranty