Telnet & SSH Functions, SSH Encryption | Western Telematic AFS-16-1

10.Telnet & SSH Functions

10.1.SSH Encryption

In addition to standard Telnet protocol, the AFS-16 also supports SSH connections, which provide secure, encrypted access via network. In order to communicate with the AFS-16 using SSH protocol, your network node must include an appropriate SSH client.

Note that when the /K (Send SSH Key) command is invoked, the AFS-16 can also provide you with a public SSH key, which can be used to streamline connection to the AFS-16 when using SSH protocol.

Although you can establish an SSH connection to the unit without the public key, the public key provides validation for the AFS-16, and once this key is supplied to the SSH client, the client will no longer display a warning indicating that the AFS-16 is not a recognized user when the client attempts to establish a connection.

The /K command uses the following format:

/K <k> [Enter]

Where k is an argument that determines which type of public key will be displayed, and the k argument offers the following options:

1.SSH1

2.SSH2 RSA

3.SSH2 DSA

For example, to obtain the public SSH key for an SSH2 RSA client, type /K 2 and then press [Enter].

Note: Although the AFS-16 does not support SSH1, the /K 1 command will still return a key for SSH1.

10-1

Image 93

Western Telematic AFS-16-1 manual Telnet & SSH Functions, SSH Encryption, Enter, 10-1

Contents

AFS-16-1 Secure Racking Shock Hazard Do Not Enter Lithium Battery Two Power Supply Cables Disconnect Power Table of Contents Basic Configuration Telnet & SSH Functions Upgrading AFS-16 Firmware Command Reference Guide Vii List of Figures Introduction Security and Co-Location Features Environmental Monitoring and Management Typographic ConventionsWTI Management Utility Bold Font Dual Power Supply Module  Power Switch and on IndicatorUnit Description Control Module Control Module Unit Description Circuit Module Circuit Module Apply Power to the AFS-16 Getting StartedConnect Your PC to the AFS-16 Communicating with the AFS-16 Fallback Switching Text Interface Fallback Switching Fallback Switching Web Browser Interface Hardware Installation Connecting the Power Supply CablesConnecting the Network Cable Connecting an External Modem Optional Connecting a Local Control Device A/C/B Connectors Module Set UpCircuit Module Set Up Control Module SetUp Basic Configuration Communicating with the AFS-16 UnitText Interface Web Browser Interface Access Via PDA Configuration Menus Defining System Parameters Basic Configuration Real Time Clock and Calendar Invalid Access Lockout Feature Log Configuration Web Browser Interface Callback Security Basic Configuration Scripting Options Basic Configuration User Accounts Command Access Levels Granting Circuit Module Access Managing User Accounts Viewing User AccountsAdding User Accounts Basic Configuration Deleting User Accounts Modifying User Accounts Circuit Configuration Viewing Circuit Groups Circuit Group Directory Adding Circuit Groups Modifying Circuit GroupsDeleting Circuit Groups Serial Port Configuration Menu Serial Port ConfigurationCommunication Settings 1. RS232 Port Modes Port Mode Parameters Network Configuration Network Port Parameters Network Parameters Basic Configuration IP Security Basic Configuration Net/Mask Pairs Except Domain Name Server Static Route Snmp Access Parameters Snmp Trap Parameters Ldap Parameters Group Membership Value Type Default = DN Basic Configuration Tacacs Parameters Basic Configuration Radius Parameters WTI-Group-Access=111000 WTI-Circuit-Access=0101WTI-Super=2 Example Email Messaging Parameters Save User Selected Parameters Restore Configuration Adding Ping-No-Answer Profiles Ping-No-Answer Fallback Switching Ping-No-Answer Fallback Switching Viewing Ping-No-Answer Profiles Modifying Ping-No-Answer ProfilesDeleting Ping-No-Answer Profiles Alarm Configuration Output Contacts Control Module AUX Connector Output Contacts Over Temperature Alarms Alarm Configuration Ping-No-Answer Alarm Configuring the Ping-No-Answer AlarmDefining Ping-No-Answer IP Addresses Alarm Configuration Invalid Access Lockout Alarm Alarm Configuration Power Cycle Alarm Monitor/Alarm Input Alarm Configuration High Low Monitor Input Level Settings Alarm Configuration Status Screens Product StatusNetwork Status Screen Circuit Status Screen Circuit Group Status Screen Audit Log Event Logs Temperature Log Alarm Log A/B Switching Web Browser Interface OperationCircuit Control Screen Web Browser Interface Circuit Group Control Screen Web Browser Interface Operation Circuit Status Screen Text Interface A/B Switching Text Interface 2. A/B Switching Commands Text Interface TA 1 Enter or /TA Datacenter EnterTB 2 Enter or /TB Servers Enter TA ROUTER,Y or /T 2,B,Y B Enter or /T SERVERS,A EnterTB 1+3+4 Enter +3+4,B Enter TA 13 Enter Manual Operation Logging Out of Command Mode SSH Encryption Telnet & SSH FunctionsEnter 10-1 Telnet ip port raw Enter Creating an Outbound Telnet ConnectionTelnet 255.255.255.255 2000 raw Enter 10-2 SSH ip -l username Enter Creating an Outbound SSH ConnectionUsername SSH 255.255.255.255 -l employee Enter Configuration Syslog Messages11-1 11-2 Testing Syslog Configuration 12-1 Snmp Traps 12-2 Testing the Snmp Trap Function Configuration via Snmp AFS-16 Snmp Agent SNMPv3 Authentication and EncryptionUserTableuserAccessLevel Account access level Operation via Snmp Adding Users Viewing UsersModifying Users Deleting Users Controlling Circuits Circuit Control via SnmpControlling Circuit Groups 13-3 Circuit Status Viewing AFS-16 Status via Snmp155 Unit Environment Status 13-5 Sending Traps via Snmp 14-1 Setting Up SSL Encryption 14-2 Creating a Self Signed Certificate 14-3 Creating a Signed Certificate 14-4 Downloading the Server Private Key Saving and Restoring Configuration Parameters Sending Parameters to a File15-1 15-2 Restoring Saved Parameters 15-3 Restoring Previously Saved Parameters 16-1 Upgrading AFS-16 Firmware 16-2 Command Conventions Command Reference GuideTA * Enter 17-1 17-2 Command Summary Display Circuit Status Screen Command SetDisplay Circuit Group Status Screen Display Network Status Log Functions Exit Command ModeDisplay Site ID / Unit Information Connect TA 2+3,Y Enter Toggle to a PositionToggle to B Position TB 2+3,Y Enter Set All Circuits to Default States Toggle Command+3,A,Y Enter Send Parameters to File Send SSH Key Unlock Port Invalid Access LockoutTelnet Outbound Telnet Format /TELNET ip port raw Enter Format /SSH ip -l username Enter SSH Outbound SSHSet System Parameters Set Serial Port Parameters Alarm Configuration Parameters PNA Configure Ping-No-Answer FunctionCircuit Group Parameters Network Port Parameters Reboot System Default Upgrade FirmwareTest Test Network Parameters When not connected When connectedAppendix A. Interface Description Serial Port RS232 Switching Appendix B. SpecificationsPhysical/Environmental Apx-2 Apx-3 Appendix C. Customer Service Trademark and Copyright Information Trademarks and Copyrights Used in this ManualApx-4 Index-1 Index Radius CLI Index-2 Ldap Index-3 Tacacs Index-4 NTP Index-5 Index-6 Snmp Index-7 SNMPV3 Index-8