Proxim AP-2000 manual Telnet Configuration Settings, Secure Shell SSH Settings, SSH Session Setup

Performing Advanced Configuration

Telnet Configuration Settings

•Telnet Interface Bitmask: Select the interface (Ethernet, Wireless-Slot A, Wireless-Slot B, All Interfaces) from which you can manage the AP via telnet. This parameter can also be used to Disable telnet management.

•Telnet Port: The default port number for Telnet applications is 23. However, you can use this field if you want to change the Telnet port for security reasons (but your Telnet application also must support the new port number you select). You must reboot the Access Point if you change the Telnet Port.

•Login Idle Timeout (seconds): Enter the number of seconds the system will wait for a login attempt. The AP terminates the session when it times out. The range is 1 to 300 seconds; the default is 30 seconds.

•Session Idle Timeout (seconds): Enter the number of seconds the system will wait during a session while there is no activity. The AP will terminate the session on timeout. The range is 1 to 36000 seconds; the default is 900 seconds.

Secure Shell (SSH) Settings

The AP supports SSH version 2, for secure remote CLI (Telnet) sessions. SSH provides strong authentication and encryption of session data.

The SSH server (AP) has host keys - a pair of assymetric keys - a private key that resides on the AP and a public key that is distributed to clients that need to connect to the AP. As the client has knowledge of the server host keys, the client can verify that it is communicating with the correct SSH server. The client authentication can be performed in two ways:

•Using asymmetric keys. This method requires all the client keys to be installed on the AP.

•Using a username/password pair to authenticate the user over a secure channel created using SSH.

SSH Session Setup

An SSH session is setup through the following process:

•The SSH server public key is transferred to the client using out-of-band or in-band mechanisms.

•The SSH client verifies the correctness of the server using the server’s public key.

•The user/client authenticates to the server.

•An encrypted data session starts. The maximum number of SSH sessions is limited to two. If there is no activity for a specified amount of time (the Telnet Session Timeout parameter), the AP will timeout the connection.

SSH Clients

The following SSH clients have been verified to interoperate with the AP’s server. The following table lists the clients, version number, and the website of the client.

For key generation, OpenSSH client has been verified.

Configuring SSH

Perform the following procedure to enable or disable SSH and set the SSH host key:

1.Click Configure -> Management -> Services.

2.To enable SSH, select “Enable” from the Enable SSH (Secure Shell) drop down menu.

NOTE

When Secure Management is enabled on the AP, SSH will be enabled by default and cannot be disabled.

3. Select the SSH Host Key Status from the drop-down menu.

Host keys must either be generated externally and uploaded to the AP (see Uploading Externally Generated Host Keys), generated manually, or auto-generated at the time of SSH initialization if SSH is enabled and no host keys are present. There is no key present in an AP that is in a factory default state.

56