RuggedCom RX1100, RX1000 specs

Chapter 23 – Configuring SSH

The Only allow users field specifies the users allowed to connect by SSH. The specification can be a list of user name patterns, separated by spaces. Login is allowed only for user names that match one of the patterns. '*' and '?' can be used as wild cards in the patterns. Only user names are valid, a numerical user ID is not recognized. By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts.

The account selector ( ) button can be user to build up a list of allowable users.

The Only allow members of groups field specifies the “group” (in the Unix sense) of users allowed to connect by SSH. The specification can be followed by a list of group name patterns, separated by spaces. If specified, login is allowed only for users whose primary group or supplementary group list matches one of the patterns. '*' and '?' can be used as wild cards in the patterns. Only group names are valid, a numerical group ID is not recognized. By default, login is allowed for all groups.

The account selector ( ) button can be user to build up a list of allowable groups.

The Deny users and Deny members of groups fields specify users and groups to deny connections to.

RuggedCom

221

Image 223

RuggedCom RX1100, RX1000 manual

Contents

RuggedRouter Ruggedrouter User Guide Who Should Use This User Guide How To Use This User GuideAbout this User Guide Applicable Firmware Revision Quick Start Recommendations Document Conventions Basic Web Based Configuration Additional Configuration About this User Guide Table Of Contents Table Of Contents RuggedRouter User Guide 100 114 144 Page Table Of Contents Page 241 Page Table Of Figures RuggedRouter Setup Main Menu Scheduled Commands Displaying a Command T1/E1 Network Interfaces After Interface Creation Adsl Link Statistics Show Public Key Link Backup Status 162 Raw Socket Menu IRIGB/IEEE1588 General Configuration menu 230 255 IAS Window Edit Profile 282 Default Configuration Setting Up And Administering The RouterAccess Methods Accounts And Password Management From the Console Port Accessing The RuggedRouter Command PromptRuggedRouter Setup Shell Configuring Passwords Setting The Hostname Configuring IP Address InformationConfiguring Radius Authentication Enabling And Disabling The SSH and Web Server Radius Server Configuration menu Enabling And Disabling The Gauntlet Security Appliance Configuring The Date, Time And Timezone RuggedRouter Hardware Information Menu Displaying Hardware Information Selecting a configuration to reload Restoring a Configuration Structure of the Web Interface Using a Web Browser to Access the Web InterfaceRuggedRouter Web Interface SSL Certificate Warnings RuggedRouter Web Interface Main Menu Window LED Status Panel Using The LED Status Panel LED Name Description Obtaining Chassis Information Webmin Configuration Menu Webmin ConfigurationIP Access Control Change Help Server Ports And Addresses Logging Webmin Configuration Menu, Logging Webmin Configuration Menu, Authentication Authentication Webmin Events Log Webmin Events Log This page intentionally blank Bootup And Shutdown Configuring The System Scheduled Commands Change Password Command Scheduled Commands Displaying a Command Webmin Scheduled Cron Jobs Scheduled Cron Jobs System Time System Hostname Network Configuration Configuring Networking Dummy Interface Core Settings Configured Static Routes Default Route TableRouting And Gateways Manually Entered Static Routes Static Multicast Routing Static Multicast Routing DNS Client End To End BackupHost Addresses Page Current Routing & Interface Table Configuring End To End Backup LED Designations Configuring Ethernet InterfacesEthernet Interface Fundamentals Vlan Interface Fundamentals RuggedRouter Functions Supporting VLANs PPPoE On Native Ethernet Interfaces Fundamentals Ethernet Interfaces Ethernet Editing a Network Interface Editing Currently Active Interfaces Virtual Interfaces Edit Boot Time InterfacesVirtual Lan Interfaces List PPPoE Interfaces PPPoE On Native Ethernet Interfaces Editing a PPPoE Interface Edit PPPoE Interface Current Routes & Interface Table PPP Logs T1/E1 Fundamentals Configuring Frame Relay/PPP And T1/E1Frame Relay Location Of Interfaces And Labeling T1/E1Included With T1E1 Strategy For Creating Interfaces T1/E1 Network Interfaces Naming Of Logical Interfaces Editing a T1/E1 Interface E1 Settings T1 Settings Frame Relay Link Parameters Editing a Logical Interface Frame Relay Frame Relay DLCIs Editing a Logical Interface PPP Link Statistics T1/E1 Statistics Frame Relay Statistics Frame Relay Interface Statistics PPP Link Statistics PPP Interface Statistics T1/E1 Loopback Menu T1/E1 Loopback Upgrading Firmware Upgrading Software T3 Fundamentals Configuring Frame Relay/PPP And T3 T3 Network Interfaces T3 Configuration Edit T3 Interface Editing a T3 Interface T3 Statistics Upgrading Software Page DDS Fundamentals Configuring Frame Relay/PPP DDS Network Interfaces DDS Configuration Edit Logical Interface Frame Relay, single Dlci DDS Link Statistics DDS Statistics Frame Relay And PPP Interface Statistics DDS LoopbackPage PPPoE/Bridged Mode Fundamentals Configuring PPPoE/Bridged Mode OnAdsl Fundamentals PPPoE MTU Issues Authentication, Addresses and DNS ServersBridged Mode Adsl Network Interfaces Adsl ConfigurationEditing a Logical Interface PPPoE Edit Logical Interface Bridged Editing a Logical Interface Bridged Adsl Link Statistics Adsl Statistics Current Routes & Interface Table Modem Fundamentals Configuring PPP and ModemPPP Mode Fundamentals When the Modem Connects Modem Main Menu Modem Configuration Blind dial Modem PPP Client Modem PPP Client Connections Modem Incoming Call Logs Modem PPP Server PPP Logs Modem PPP Logs PPP Connection Logs Modem PPP Connection LogsPage Linux netfilter, iptables And The Shoreline Firewall Configuring The FirewallFirewall Fundamentals Stateless vs Stateful Firewalls Network Address Translation Port Forwarding Shorewall Quick Setup Zones ShoreWall Terminology And ConceptsInterfaces Policy Hosts Interface Subnet Address Protocol Ports Masquerading And Snat Reject Rules Route Based Virtual Private Networking Configuring The Firewall And VPN Virtual Private Networking To a DMZ Policy Based Virtual Private Networking Starting Shorewall Firewall Menu Firewall Main Menu Shorewall Firewall Menu Network Interfaces Network Zones Editing a Firewall Network Interfaces Firewall Zone Hosts Network Zone Hosts Masquerading Default Policies Editing a Masquerading Rule Firewall Rules Static NAT Static NAT Creating a Static NAT Entry Actions When StoppedPage Page Policy Vs Route Based VPNs Configuring An IPsec VPNVPN Fundamentals IPsec Modes Public Key And Pre-shared Keys Supported Encryption Protocols X509 Certificates Other Configuration Supporting IPSecNAT Traversal IPsec and Router Interfaces Openswan Configuration ProcessVPN Main Menu Before Key Generation VPN Main MenuPage IPsec VPN Configuration After Connections Have Been Created Server Configuration Preshared Keys Public Key VPN Connections List CertificatesIPsec VPN Connection Details Page Export Configuration Left/Right Systems Settings IPsec Status Showing IPsec Status Select a Certificate Authority IPSec X.509 Roaming Client Example Router IPSec Configuration VPN Networking Parameters Client ConfigurationGenerate X.509 Certificates Ethernet Port Configuration Firewall IPSec ConfigurationPage Quagga, RIP and Ospf Configuring Dynamic RoutingRIP Fundamentals Network Areas Ospf FundamentalsKey Ospf And RIP Parameters Link State Advertisements Redistributing Routes Active/Passive Interface DefaultRouter-ID Hello Interval and Dead Interval Link Detect Configuring Ospf Link CostsOspf Authentication RIP Authentication Administrative Distances Area And Subnets Ospf And Vrrp Example NetworkVrrp Operation Dynamic Routing Enable Protocols Core Global Parameters CoreCore Interface Parameters View Core Configuration Ospf Global Parameters OspfPage Ospf Interfaces Ospf Interfaces Ospf Network Areas View Ospf ConfigurationOspf Status RIP Global Parameters RIP Global Parameters RIP Key Chains RIP Interfaces RIP Networks RIP Networks RIP Status View RIP ConfigurationPage Link Backup Fundamentals Configuring Link BackupPath Failure Discovery Link Backup Configuration Link Backup Main MenuUse Of Routing Protocols And The Default Route Edit Link Backup Configuration Link Backup Status Link Backup LogsTest Link Backup Page Page Vrrp Fundamentals Configuring VrrpProblem With Static Routing Vrrp Solution Vrrp Example Page Vrrp Main Menu Vrrp Configuration Vrrp Instance Editing a Vrrp Instance Vrrp Instances Status Viewing Vrrp Instances Status Filters Configuring Traffic PrioritizationTraffic Prioritization Fundamentals Priority Queues Included With Traffic Prioritization TOS Prioritization Prioritization Example Interface Prioritization Menu Traffic Prioritization Main Menu Prioritization Filters Prioritization QueuesPrioritization Transmit Queue Length Prioritization Statistics Prioritization Statistics GRE Fundamentals Configuring Generic Routing Encapsulation GRE Main Menu GRE Configuration MenuPage Network Utilities Main Menu Network Utilities Traceroute Menu Ping Menu Trace Menu Host MenuTcpdump a Network Interface Serial Trace a Serial Server Port Frame Relay Link Layer Trace a WAN Interface Interface Statistics Menu Interface Statistics Menu Current Routing & Interface Table Current Routing & Interface Table Interface Status Page Serial IP Port Features Configuring Serial Protocols Broadcast RTU Polling Serial Protocols ApplicationsCharacter Encapsulation RTU Polling Message Packetization Serial Protocols Concepts And IssuesHost And Remote Roles Use Of Port Redirectors Serial Protocols Main Menu Use of Turnaround Delays Assign Protocols Menu Port Settings MenuRawSocket Menu Page Serial Protocols Statistics Menu Protocol Specific Packet Error Statistics Serial Protocols Trace Menu Serial Protocols Trace Menu Is provided Serial Protocols Sertrace UtilityPage IEC61850 Goose Fundamentals Configuring Goose TunnelsLayer 2 Tunnel Daemon Details Layer 2 Tunnels Main Menu Layer 2 Tunnels Main Menu Goose Tunnels Menu General Configuration Menu Activity Trace Menu Goose Statistics MenuPage Page Dhcp Client Options Configuring The Dhcp serverDhcp Fundamentals Dhcp Network OrganizationsPage Option 82 Support with Disable NAK Single Network With Static IP Assignment Example Dhcp Scenarios And ConfigurationsSingle Network With Option82 Clients On One Switch Single Network With Dynamic IP AssignmentPage Page Dhcp Server Menu Dhcp Server Main Menu Dhcp Shared Network Configuration Dhcp Shared Network Configuration Dhcp Subnet Configuration Dhcp Subnet Configuration Dhcp Host Configuration Dhcp Group Configuration Dhcp Pool Configuration Dhcp Pool Configuration NTP Fundamentals Configuring NTP NTP And The Precision Time Protocol Card NTP Sanity LimitIncluded With NTP Generic Options NTP Server Main Menu Peers Configuration Servers Configuration Viewing The NTP Log Viewing The NTP Status Viewing The GPS Log Viewing The GPS Status SSH Fundamentals Configuring SSHIncluded With SSH SSH Server SSH Main Menu Networking Access ControlPage PTP Master Election Configuring Irigb And IEEE1588IEEE1588 Fundamentals PTP Network Roles Synchronizing NTP from IEEE1588 Irigb FundamentalsIrigb Output Formats Reference Clocks GPS Cable compensationHow The Router Selects a Reference Clock IRIGB/IEEE1588 Main Menu General Configuration IEEE1588 Configuration Irigb Configuration IEEE1588 Status Irigb Status Irigb Log Page Snort Rules Configuring The Snort IDSSnort Fundamentals Which Interfaces To Monitor Snort IDS Main Menu Global ConfigurationPerformance And Resources Rulesets Network SettingsRule Lookup by SID Alerts & Logging PreProcessors Edit Config File Alert System Maintaining The RouterAlert Menu Alert Configuration Menu Alert Configuration Alert Definition Configuration Alert Filter Configuration Change Alert Definition Page What And How Gauntlet Protects Gauntlet SecurityGauntlet And The Firewall Upgrading Gauntlet Gauntlet Status Menu System Backup And Restore Backup And Restore General Configuration Setup Archive History Archive Backup Archive Difference Tool Archive Restore Archive Differences List Show Difference for selected file between two targets Snmp Configuration System Configuration Snmp Configuration Main MenuNetwork Addressing Configuration Access Control page, Snmp V1 and V2c 250 RuggedCom Trap Configuration page, Trap Options Trap Configuration RuggedRouter supports the following MIBs MIB Support Radius Authentication Edit Radius Server Parameters Radius Authentication Configuration Outgoing Mail Parameter Description Chassis Parameters System Logs Syslog Factory Defaults Changing a Syslog entry to remote log Remote Logging RuggedRouter Software Fundamentals Upgrade System Automatic Upgrade When a Software Upgrade Requires a Reboot Change Repository Server Upgrade to RX1100 Upgrading All Packages Automatic Upgrading Pre-upgrade/Post-upgrade scripts Installing a New Package Upload/Download menu Uploading And Downloading Files Security Actions Security ConsiderationsPage Initial Repository Setup Appendix a Setting Up a RepositoryRepository Server Requirements Upgrading The Repository Setting Up The RoutersAn Alternate Approach Upgrading Considerations Appendix B Downgrading Router Software Apache Default Web Appendix C Installing Apache Web Server On WindowsPage Installing IIS Appendix D Installing IIS Web Server On Windows Windows Internet Authentication Service Appendix E Radius Server ConfigurationFreeRadius Edit Profile window, Click Add... button 276 RuggedCom RuggedCom 277 Dhcp Index Goose NTP SSH Vrrp