Manuals / RuggedCom / Computer Equipment / Network Router

RuggedCom RX1000, RX1100 manual Configuring SSH, SSH Fundamentals, Included With SSH

Models: RX1000 RX1100

1 284

Download 284 pages 36.63 Kb

Page 220

RuggedRouter™ User Guide

Chapter 23 – Configuring SSH

Introduction

This chapter familiarizes the user with:

∙Configuring SSH Authentication

∙SSH Networking And Access Control

∙Setting SSH Client Options

SSH Fundamentals

Secure Shell is a program to allow logging into another host, to remotely execute commands, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. The program that accepts the SSH client's connection is an SSH server. The SSH server can be programmed to enforce conditions to increase security. These conditions can be imposed upon specific hosts or upon all hosts in general.

SSH has had two major revisions of the protocol upon which it is based, SSH v1 and v2. SSH v1 relied upon the RSA authentication scheme, while SSH v2 relies upon RSA or DSA. SSH v1 is known to be insecure and should not be used.

SSH operates upon TCP port 23 by default. Open this port if you use a firewall.

SSH also provides TCP forwarding, a means to forward otherwise insecure TCP traffic through SSH Secure Shell.

Included With SSH

Your RuggedRouter software includes scp, an SSH utility to perform secure copying of files and directories over the network.

If you decide to create you own user accounts, the ssh-keygen utility can be used to populate the account with SSH keys.

218

RuggedCom

Image 220

RuggedCom RX1000, RX1100 manual Configuring SSH, SSH Fundamentals, Included With SSH

Contents

RuggedRouter Ruggedrouter User Guide How To Use This User Guide About this User GuideApplicable Firmware Revision Who Should Use This User GuideDocument Conventions Quick Start RecommendationsBasic Web Based Configuration Additional Configuration About this User Guide Table Of Contents Table Of Contents RuggedRouter User Guide 100 114 144 Page Table Of Contents Page 241 Page RuggedRouter Setup Main Menu Table Of FiguresScheduled Commands Displaying a Command T1/E1 Network Interfaces After Interface Creation Adsl Link Statistics Show Public Key Link Backup Status 162 Raw Socket Menu IRIGB/IEEE1588 General Configuration menu 230 255 IAS Window Edit Profile 282 Setting Up And Administering The Router Access MethodsAccounts And Password Management Default ConfigurationAccessing The RuggedRouter Command Prompt RuggedRouter Setup ShellConfiguring Passwords From the Console PortSetting The Hostname Configuring IP Address InformationConfiguring Radius Authentication Radius Server Configuration menu Enabling And Disabling The SSH and Web ServerConfiguring The Date, Time And Timezone Enabling And Disabling The Gauntlet Security ApplianceDisplaying Hardware Information RuggedRouter Hardware Information MenuRestoring a Configuration Selecting a configuration to reloadUsing a Web Browser to Access the Web Interface RuggedRouter Web InterfaceSSL Certificate Warnings Structure of the Web InterfaceRuggedRouter Web Interface Main Menu Window Using The LED Status Panel LED Status PanelObtaining Chassis Information LED Name DescriptionWebmin Configuration Menu Webmin ConfigurationIP Access Control Ports And Addresses Change Help ServerWebmin Configuration Menu, Logging LoggingAuthentication Webmin Configuration Menu, AuthenticationWebmin Events Log Webmin Events LogThis page intentionally blank Configuring The System Bootup And ShutdownChange Password Command Scheduled CommandsScheduled Commands Displaying a Command Scheduled Cron Jobs Webmin Scheduled Cron JobsSystem Hostname System TimeConfiguring Networking Network ConfigurationCore Settings Dummy InterfaceConfigured Static Routes Default Route TableRouting And Gateways Manually Entered Static Routes Static Multicast Routing Static Multicast RoutingDNS Client End To End BackupHost Addresses Page Configuring End To End Backup Current Routing & Interface TableConfiguring Ethernet Interfaces Ethernet Interface FundamentalsVlan Interface Fundamentals LED DesignationsPPPoE On Native Ethernet Interfaces Fundamentals RuggedRouter Functions Supporting VLANsEthernet Ethernet InterfacesEditing Currently Active Interfaces Editing a Network InterfaceVirtual Interfaces Edit Boot Time InterfacesVirtual Lan Interfaces PPPoE On Native Ethernet Interfaces List PPPoE InterfacesEdit PPPoE Interface Editing a PPPoE InterfacePPP Logs Current Routes & Interface TableT1/E1 Fundamentals Configuring Frame Relay/PPP And T1/E1Frame Relay Location Of Interfaces And Labeling T1/E1Included With T1E1 T1/E1 Network Interfaces Strategy For Creating InterfacesEditing a T1/E1 Interface Naming Of Logical InterfacesT1 Settings E1 SettingsEditing a Logical Interface Frame Relay Frame Relay Link ParametersEditing a Logical Interface PPP Frame Relay DLCIsT1/E1 Statistics Link StatisticsFrame Relay Interface Statistics Frame Relay StatisticsPPP Interface Statistics PPP Link StatisticsT1/E1 Loopback T1/E1 Loopback MenuUpgrading Software Upgrading FirmwareConfiguring Frame Relay/PPP And T3 T3 FundamentalsT3 Configuration T3 Network InterfacesEditing a T3 Interface Edit T3 InterfaceT3 Statistics Upgrading Software Page Configuring Frame Relay/PPP DDS FundamentalsDDS Configuration DDS Network InterfacesEdit Logical Interface Frame Relay, single Dlci DDS Statistics DDS Link StatisticsDDS Loopback Frame Relay And PPP Interface StatisticsPage PPPoE/Bridged Mode Fundamentals Configuring PPPoE/Bridged Mode OnAdsl Fundamentals PPPoE MTU Issues Authentication, Addresses and DNS ServersBridged Mode Adsl Network Interfaces Adsl ConfigurationEditing a Logical Interface PPPoE Editing a Logical Interface Bridged Edit Logical Interface BridgedAdsl Statistics Adsl Link StatisticsCurrent Routes & Interface Table Configuring PPP and Modem PPP Mode FundamentalsWhen the Modem Connects Modem FundamentalsModem Configuration Modem Main MenuBlind dial Modem PPP Client Connections Modem PPP ClientModem PPP Server Modem Incoming Call LogsModem PPP Logs PPP LogsModem PPP Connection Logs PPP Connection LogsPage Configuring The Firewall Firewall FundamentalsStateless vs Stateful Firewalls Linux netfilter, iptables And The Shoreline FirewallNetwork Address Translation Shorewall Quick Setup Port ForwardingZones ShoreWall Terminology And ConceptsInterfaces Hosts PolicyMasquerading And Snat Interface Subnet Address Protocol PortsRules RejectConfiguring The Firewall And VPN Route Based Virtual Private NetworkingPolicy Based Virtual Private Networking Virtual Private Networking To a DMZFirewall Main Menu Starting Shorewall Firewall MenuShorewall Firewall Menu Network Zones Network InterfacesEditing a Firewall Network Interfaces Network Zone Hosts Firewall Zone HostsDefault Policies MasqueradingFirewall Rules Editing a Masquerading RuleStatic NAT Static NATActions When Stopped Creating a Static NAT EntryPage Page Configuring An IPsec VPN VPN FundamentalsIPsec Modes Policy Vs Route Based VPNsSupported Encryption Protocols Public Key And Pre-shared KeysX509 Certificates Other Configuration Supporting IPSecNAT Traversal Openswan Configuration Process VPN Main Menu Before Key GenerationVPN Main Menu IPsec and Router InterfacesPage Server Configuration IPsec VPN Configuration After Connections Have Been CreatedPublic Key Preshared KeysVPN Connections List CertificatesIPsec VPN Connection Details Page Left/Right Systems Settings Export ConfigurationShowing IPsec Status IPsec StatusIPSec X.509 Roaming Client Example Select a Certificate AuthorityRouter IPSec Configuration VPN Networking Parameters Client ConfigurationGenerate X.509 Certificates Firewall IPSec Configuration Ethernet Port ConfigurationPage Quagga, RIP and Ospf Configuring Dynamic RoutingRIP Fundamentals Ospf Fundamentals Key Ospf And RIP ParametersLink State Advertisements Network AreasActive/Passive Interface Default Router-IDHello Interval and Dead Interval Redistributing RoutesConfiguring Ospf Link Costs Ospf AuthenticationRIP Authentication Link DetectAdministrative Distances Area And Subnets Ospf And Vrrp Example NetworkVrrp Operation Enable Protocols Dynamic RoutingCore Global Parameters CoreCore Interface Parameters View Core Configuration Ospf Ospf Global ParametersPage Ospf Interfaces Ospf InterfacesOspf Network Areas View Ospf ConfigurationOspf Status RIP Global Parameters RIP Global ParametersRIP Interfaces RIP Key ChainsRIP Networks RIP NetworksView RIP Configuration RIP StatusPage Link Backup Fundamentals Configuring Link BackupPath Failure Discovery Link Backup Configuration Link Backup Main MenuUse Of Routing Protocols And The Default Route Edit Link Backup Configuration Link Backup Status Link Backup LogsTest Link Backup Page Page Configuring Vrrp Problem With Static RoutingVrrp Solution Vrrp FundamentalsVrrp Example Page Vrrp Configuration Vrrp Main MenuEditing a Vrrp Instance Vrrp InstanceViewing Vrrp Instances Status Vrrp Instances StatusConfiguring Traffic Prioritization Traffic Prioritization FundamentalsPriority Queues FiltersTOS Prioritization Included With Traffic PrioritizationPrioritization Example Traffic Prioritization Main Menu Interface Prioritization MenuPrioritization Filters Prioritization QueuesPrioritization Transmit Queue Length Prioritization Statistics Prioritization StatisticsConfiguring Generic Routing Encapsulation GRE FundamentalsGRE Configuration Menu GRE Main MenuPage Network Utilities Network Utilities Main MenuPing Menu Traceroute MenuTrace Menu Host MenuTcpdump a Network Interface Frame Relay Link Layer Trace a WAN Interface Serial Trace a Serial Server PortInterface Statistics Menu Interface Statistics MenuCurrent Routing & Interface Table Current Routing & Interface TableInterface Status Page Configuring Serial Protocols Serial IP Port FeaturesSerial Protocols Applications Character EncapsulationRTU Polling Broadcast RTU PollingSerial Protocols Concepts And Issues Host And Remote RolesUse Of Port Redirectors Message PacketizationUse of Turnaround Delays Serial Protocols Main MenuAssign Protocols Menu Port Settings MenuRawSocket Menu Page Protocol Specific Packet Error Statistics Serial Protocols Statistics MenuSerial Protocols Trace Menu Serial Protocols Trace MenuSerial Protocols Sertrace Utility Is providedPage IEC61850 Goose Fundamentals Configuring Goose TunnelsLayer 2 Tunnel Daemon Details Layer 2 Tunnels Main Menu Layer 2 Tunnels Main MenuGeneral Configuration Menu Goose Tunnels MenuGoose Statistics Menu Activity Trace MenuPage Page Configuring The Dhcp server Dhcp FundamentalsDhcp Network Organizations Dhcp Client OptionsPage Option 82 Support with Disable NAK Example Dhcp Scenarios And Configurations Single Network With Option82 Clients On One SwitchSingle Network With Dynamic IP Assignment Single Network With Static IP AssignmentPage Page Dhcp Server Main Menu Dhcp Server MenuDhcp Shared Network Configuration Dhcp Shared Network ConfigurationDhcp Subnet Configuration Dhcp Subnet ConfigurationDhcp Group Configuration Dhcp Host ConfigurationDhcp Pool Configuration Dhcp Pool ConfigurationConfiguring NTP NTP FundamentalsNTP And The Precision Time Protocol Card NTP Sanity LimitIncluded With NTP NTP Server Main Menu Generic OptionsServers Configuration Peers ConfigurationViewing The NTP Status Viewing The NTP LogViewing The GPS Status Viewing The GPS LogSSH Fundamentals Configuring SSHIncluded With SSH SSH Main Menu SSH ServerAccess Control NetworkingPage Configuring Irigb And IEEE1588 IEEE1588 FundamentalsPTP Network Roles PTP Master ElectionSynchronizing NTP from IEEE1588 Irigb FundamentalsIrigb Output Formats Reference Clocks GPS Cable compensationHow The Router Selects a Reference Clock General Configuration IRIGB/IEEE1588 Main MenuIrigb Configuration IEEE1588 ConfigurationIrigb Status IEEE1588 StatusIrigb Log Page Configuring The Snort IDS Snort FundamentalsWhich Interfaces To Monitor Snort RulesSnort IDS Main Menu Global ConfigurationPerformance And Resources Rulesets Network SettingsRule Lookup by SID PreProcessors Alerts & LoggingEdit Config File Alert System Maintaining The RouterAlert Menu Alert Configuration Alert Configuration MenuAlert Filter Configuration Alert Definition ConfigurationChange Alert Definition Page What And How Gauntlet Protects Gauntlet SecurityGauntlet And The Firewall Gauntlet Status Menu Upgrading GauntletBackup And Restore System Backup And RestoreGeneral Configuration Setup Archive Backup Archive HistoryArchive Restore Archive Difference ToolArchive Differences List Snmp Configuration Show Difference for selected file between two targetsSystem Configuration Snmp Configuration Main MenuNetwork Addressing Configuration Access Control page, Snmp V1 and V2c 250 RuggedCom Trap Configuration Trap Configuration page, Trap OptionsMIB Support RuggedRouter supports the following MIBsRadius Authentication Radius Authentication Configuration Edit Radius Server ParametersOutgoing Mail Chassis Parameters Parameter DescriptionSyslog Factory Defaults System LogsRemote Logging Changing a Syslog entry to remote logUpgrade System RuggedRouter Software FundamentalsWhen a Software Upgrade Requires a Reboot Automatic UpgradeUpgrade to RX1100 Change Repository ServerAutomatic Upgrading Upgrading All PackagesInstalling a New Package Pre-upgrade/Post-upgrade scriptsUploading And Downloading Files Upload/Download menuSecurity Considerations Security ActionsPage Initial Repository Setup Appendix a Setting Up a RepositoryRepository Server Requirements Upgrading The Repository Setting Up The RoutersAn Alternate Approach Upgrading Considerations Appendix B Downgrading Router Software Appendix C Installing Apache Web Server On Windows Apache Default WebPage Appendix D Installing IIS Web Server On Windows Installing IISWindows Internet Authentication Service Appendix E Radius Server ConfigurationFreeRadius Edit Profile window, Click Add... button 276 RuggedCom RuggedCom 277 Index DhcpGoose NTP SSH Vrrp