SSH - Vanguard Networks

Contents

1. Procomm Plus Terminal OK File Edit View Options Data Tools Window Help Rapid Connect Data Script File fe Data v STARTUP v PR Node985 Address 985 Date 24 MAR 2005 Time 16 57 17 Configure SSH Path Main 6 18 1 Configure SSH Record Generate RASA Key Pair SSH Test Enter Selection Alt Host Chat LogonWiz WinLink Cmd Mode Send Fax Explorer DOS Prmpt ANSIBBS RAWASCIl direct connectCom 115200 N 81 rd sd cd cts 5 04PM Connected 49 47 28 Figure 4 Configure SSH Menu 11 T100 17 Revision E Release 7 1 Configuring ONS User Configuration Local User Configuration Record Node Node985 Address 985 Date 24 MAR 2005 Time 18 05 39 Menu Configure SSH Path Main 6 18 1 1 Configure SSH Record 2 Generate RSA Key Pair 3 SSH Test Enter Selection 2 Generate SSH Server RSA Key Pair WARNING If you proceed this could take several minutes to finish No further notices will be made Do you want to proceed y n y RSA key pair generation done The RSA Public Key AAAAB3NzaClyc2EAAAADAQABAAAAGOCtCcE7QKGPBXKKBOLDIu 1TRilY8k8cTgAC LEbO2bOnmZ05FNR4gDqkW qEs1lxrl6 TtJyX3nu28LwP507VcrgWS 5hDtad8nhMBuZ TTe1zSjJXbzhivPFckYyKVrdxXlE4vQG9H jJWI1LpEbDTYHYtHS dT1c 8Z1Rx8muzOrg 6Frez7Q Press any key to continue ESC to exit E Note If the Soft Encryption module is installed the following copyright message will be displayed as well as the information above
2. t PuTTY Configuration Category Enter IP addressed Basic options for your PuT TY session assigned to Vanguard Logging E SSH Server A Temal Specify your connection by host nameec address Keyboard Host Name or F addres Fort F Frotocol ER 7 Me anaes Raw Telnet C Rlogin SSH elec i Behaviour Translation Selection Saved Sessions Colours 150 30 1 203 E Session Load sawe or delete a stored session A Connection Proxy Telnet Rlogin Auth Tunnels Bugs Default Settings 760 30 1 203_ PublicPrivate Close window on exit O Always O Never Only on clean exit Select Open Figure B 1 PuTTY Configuration with Password Authentication Method At prompt enter User Name and Password configured in Local User Configuration Example Login as leahl lt ENTER gt Leah2 150 30 1 203 s password 123 lt ENTER gt OK Type atds or ATDS lt ENTER gt to login E Note Do not type atdsO or ATDSO B 2 SSH Configuration Samples Example 2 Password Public Key SSH Configuration Samples PuTTY Configuration and Connection Examples 150 30 1 222 PuTTY login as leahl Further authentication required leahif isSO 30 1 222 s password OE atda CONNECT 3 Node6455 17 MOwW 2005 12 31 SSH 3 CONNECTED TO ControlPort Fress any key to continue ESC to exit Connected to the Control Port on Node Node6 455 at LY NOV 2005 12
3. • 7.0.R000 and 7.0.R00A require either IP or Security License to build an image with Vanguide Software Builder.
   • Point Release 7.0.P12A, for 3400 only, requires IP, SNA, Multiservice or Security to create an image with Vanguide Software Builder.
   • Difference between Soft and Hard SSH is use of accelerator SIMM card.
   Supported Features
   Table 4: Supported Platforms after release 7.1.R00A (table contents not recoverable; surviving cell: 3400)
   NOTES:
   • 7.1.R00A and later require a license (IP, SNA, Multiservice or Security License) to build an image for 242D, V340 Series and 7300 with Vanguide Software Builder.
   • 7.1.R00A and later provide two SSH Security features, BASIC SSH (Software SSH) and ACCELERATED SSH (Hardware SSH), for 3400 and 6840/41 to create a SSH image with Vanguide. IP, IPSafe, SNA and Multiservice Licenses support BASIC SSH. Security License supports ACCELERATED SSH, in which both 3DES-CBC and AES-CBC are available.
   • No need to include IPSec in an image to use the SSH feature.
   • Difference between Soft and Hard SSH is use of accelerator SIMM card.
   Configuring ONS User Configuration (Local User Configuration Record)
   Introduction: The Local User Configuration record is used as a profile for a SSH Client access to Vanguard SSH Server. It de
4. Listing Configurations
   How to: Follow these steps to list SSH Record configuration.
   Step 1: Select List Network Security from List menu. The List Network Security menu appears.
   Step 2: Select List SSH Record. The List SSH Record screen appears (see Figure 10).
   Example:
      Enter Selection 1
      SSH Record List
      RSA Enabled Password
      SSH Authentication Method Password
      Press any key to continue (ESC to exit)
   Figure 10: List SSH Record Screen
   Deleting Local User Configurations
   Follow these steps to delete the Local User Configuration entries.
   Step 1: Select Delete ONS User from Delete menu. The Delete ONS User Record menu appears.
   Step 2: Enter the number of entry to delete and enter "y" to proceed. The selected entry is deleted (see Figure 11).
   Example:
      Enter Selection 6
      Delete ONS User record
      Entry Number 1 1
      Proceed (y/n) y
      Record Deleted
      Press any key to continue (ESC to exit)
   Figure 11: Delete ONS User Menu
   Deleting SSH Record Configuration
   How to: Follow these steps to delete SSH Record Configuration.
   Step 1: S
5. SSH Server
   Introduction
   Note: This feature is supported by Release 6.5.R000 and later releases. Releases prior to Point Release 6.5.P04A support hardware encryption only, and 6.5.P04A and later releases support both hardware encryption (SSH) and software encryption (SoftSSH). Each release requires a different Software License for Vanguard Software Builder. For further details, refer to "Supported Platforms" on page 3.
   Vanguard's Secure Shell (SSH) protocol secures connections between systems. It can be used to secure remote logins and other network services over an insecure network. SSH provides strong authentication and secure communication over unsecured channels. It is intended as a replacement for rlogin, vsh, and rsh. SSH can also be used to secure forwarding of arbitrary TCP connections.
   Vanguard's SSH supports the SSH2 protocol only. The SSH2 protocol contains improvements to security, performance, functionality, and portability over the previous SSH1 protocol.
   SSH protects against the network attacks listed below:
   • IP spoofing, where a remote host sends packets that seem to come from a trusted host. SSH can also protect a local network from spoofers.
   • IP source routing, where a remote host sends packets that seem to come from a trusted host.
   • DNS spoofing, where an attacker forges server name records.
   • Interception of clear text passwords and other data by intermediate hosts.
   • Manipulation of data by per
6. Manual is current for Release 7 1 of Vanguard Applications Ware To comment on this manual please go to http www vanguardnetworks com cgi bin prod uctsupport cgi Contents SSH Server Overview PL sisarien 1 2 PIE PM iiei 1 3 Configuring ONS User Configuration Local User Configuration Record 1 6 Configuring SSH Client Configuration Parameters cccceceeseeeees l 7 Configuring SSH Server Configuration Record cccccccceeeeeeeeees 1 9 Configuring SSH Server Configuration Record Parameters 1 10 Se Server aeriedicscss deacon teenientaetestineceouneeeieennas 1 11 Vanguard SSH Server Configuration Samples sssseeseseeseeeeeeees 1 13 BO ek ie PP r aias 1 15 Managing 55H Server COT TALON sssaasiancecessnpentranesaaiacepancansancaseriaszcnesd 1 17 Examining ConiipuraONS os acanchessinahensscilasesnisecaveccatzionsesaieimesiobevieiniiancal 1 18 Lohor Coone aE 1 19 Deleting Local User Configurations eeeeeeseesessssssssssssssssssssssssseeererrerreee 1 20 Delehne SSA Record Configuration esisicinncsiiisisiarduiidriiiasiidianienidaiidai 1 21 Boles crm ESA Ley FO ger eneeeey cet eeey center een iaaiiai adini 1 22 SSH Server Configuration Samples Overview 1 SSH Configuration Samples Overview 1 PuTTY Configuration and Connection Examples ccccceeeeeeeeeeeeeeees B 2 SecureCRT Configuration and Connection Examples 0seeeeeeeeees B 8 Overview
7. O Use certificate E ach certificate in your personal store will be tried until one succeeds Agent Add keys to agent Enable OpenSSH agent forwarding GSSAPI Enable deprecated GSSAPI Figure B 8 SecureCRT Configuration with Public Key Authentication Method Continued B 14 SSH Configuration Samples Public Key Identity pub SecureCRT Configuration and Connection Examples Select Options gt Session Options Make changes to Username to leah3 which will be configured in Figure 10 User Name in Local User Configuration Session Options 150 30 1 222 Category E Connection SSH Logon Scripts SFTP Tab n Advanced Fort B Port Forwarding Remotes11 Firewall Emulation Modes Authentication Emacs Mapped Keps Advanced E Appearance See Window Log File B Printing Advanced emodemd lt moder Properties Figure B 8 SecureCRT Configuration with Public Key Authentication Method Continued Open the file Identity pub or xxxxx pub saved with a different name Copy the key line by line to User Public Key in Local User Configuration Microsoft Visual C Identity pub Hee B File Edit View Insert Project Build Tools Window Help fg See TARY WllineType E BEGIN SSH2 PUBLIC KEY Subject r10121 Comment rl10121 r10121 ck0q421 ModBitSize 1024 AAAABSNzaC lycZEAAAADAQABAAAAZODSTLOO2NZ4Juti VSOFxmcBobjeJ jeyJ QOJ5BF Le S4f
8. Eric Young is a contributor to the soft encryption module Copyright C 1995 1998 Eric Young eay cryptsoft com All rights reserved THIS SOFTWARE IS PROVIDED BY ERIC YOUNG AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCURE MENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROF ITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUD ING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE 12 SSH Server Configuring ONS User Configuration Local User Configuration Record Vanguard SSH Server Configuration Samples Introduction This section shows two examples of how to configure Vanguard SSH Server E Note Type atds or ATDS to login Do not use atdsO or ATDSO Example 1 Figure 5 shows the SSH configuration for using the Password authentication method Password ONLY only He Node 100 L_ J Vanguard SSH Server SSH Client SSH Client q Ss SSH Server User Name vanguard Local User Configuration Password 123 User Name vanguard Password 12
9. SSH Server Enable Disable RSA Enabled SSH Authentication Method Password Password Generate SSH Server RSA Key Pair Main 6 18 2 The RSA Public Key AAAAB3NzaClyc2EAAAADAQABAAAAgQDKScDsTucRIW8Qb dM1RuLdUHsA Ot6b2dJV DA 3rcUiulb8dQ0c8S BDdDCrfJ9X oSTxxdCyfti7jA1K 8n7jnJM3cY 9dDB1ZfBcSe5siB5p7sdkjfUVvh H7ZBebY0Y ginhLm1QfB1QLITXK84EqHdttF C9Q scWjloC cgV w E Note Make certain to generate RSA Key Pair Without the RSA Public Key the feature is disabled However it is not necessary to generate an RSA key every time when making configuration changes The node uses the same generated key unless it is deleted from Delete Menu SSH Configuration Samples SecureCRT Configuration and Connection Examples Example 1 To connect to Vanguard SSH Server using Password Only refer to the steps in Password ONLY Figure 7 Connect JDALEa XS amp mM Select Connect a G Sessions A 150 30 1 222 A 150 30 1 222 6455DES128 Show dialog on startup C Open in a tat Connect Enter Secure Shell Password Ea Type e tial ee Configuration main 8 6 leah 9750 30 1 222 requires a password Please enter a password now Example Username leah1 Username Password abe lt ENTER gt Password Save password 3 Type atds or ATDS lt ENTERS to login E Note Do not type atds0 or ATDSO aa 150 30 1 222 SecureCRT File Edit View Options Transfer Script Tools Help HDOD
10. VanQquerd NETWORK 5 Vanguard Applications Ware IP and LAN Feature Protocols Secure Shell SSH Protocol Notice 2008 Vanguard Networks 25 Forbes Blvd Foxboro MA 02035 508 964 6200 All rights reserved Printed in U S A Restricted Rights Notification for U S Government Users The software including firmware addressed in this manual is provided to the U S Government under agreement which grants the government the minimum restricted rights in the software as defined in the Federal Acquisition Regulation FAR or the Defense Federal Acquisition Regulation Supplement DFARS whichever is applicable If the software is procured for use by the Department of Defense the following legend applies Restricted Rights Legend Use duplication or disclosure by the Government is subject to restrictions as set forth in subparagraph c 1 i1 of the Rights in Technical Data and Computer Software clause at DFARS 252 227 7013 If the software is procured for use by any U S Government entity other than the Department of Defense the following notice applies Notice Notwithstanding any other lease or license agreement that may pertain to or accompany the delivery of this computer software the rights of the Government regarding its use reproduction and disclosure are as set forth in FAR 52 227 19 C Unpublished rights reserved under the copyright laws of the United States Notice continued Proprietary M
11. use the space character to blank field
   Default: blank
   Description: User Public Key used for client authentication with public key.
   Configuring SSH Server Configuration Record
   Introduction: The SSH Server Configuration Record defines what public key algorithm and authentication method Vanguard SSH uses.
   Follow these steps: To configure a user name, password, and a client public key (if necessary), follow these steps to access the Configure SSH Menu.
   Step 1: Select Configure > Configure Network Security > Configure SSH from the CTP Main menu. The Configure SSH menu, similar to that shown in Figure 3, is displayed.
   Step 2: Select Configure SSH. The SSH Record configuration parameters appear in sequence.
   Figure 3: Configure SSH Menu (terminal screenshot; Node985, Address 985, Date 24 MAR 2005, Path Main 6 18 1; menu entries: Configure SSH Record, Generate RSA Key Pair, SSH Test)
   Online Help: Entering a displays online Help for the current parameter opti
12. Connection Examples Hew Session vizard The wizard is now ready to create the new session for you 5 What name do vou want to use to uniquely identify the new session Type an arbitrary session name for the configuration Session name r o SSH2 E Note Global Options You must make changes to SSH configuration in Global Options Ensure that you DESELECT the following Add keys to agent Enable OpenSSH agent forwarding Enable deprecated GSSAPI Global Options Category j General SSH2 Public key Use identity file O S ie es Printing InNgerprin SiS oe Advanced E Create Identity File Change Passphrase Web Browser l Firewall O Use cettificate Each certificate yi your personal store will be tied until one succeeds i gery S Add key to agent A Enable OpenSSH agent forwarding 7 GS5AFI Select 4 Enable deprecated GSSAPI OK Figure B 6 SecureCRT Configuration with Password Authentication Method Continued SSH Configuration Samples B 9 SecureCRT Configuration and Connection Examples SSH Server Configuration ONS User Configuration SSH Server Configuration SSH Record SSH Server Configuration Generate RSA Key Pair Entry Number 1 2 2 User Name blank leah1 2 Password abe 2 Verify Password abe 2 User Privilege Read Only Service 2 User Group AM 2 User Public Key blank SSH Record Configuration Main 6 18 1
13. Vanguard Main Menu Screen SSH Configuration Samples B 7 SecureCRT Configuration and Connection Examples SecureCRT Configuration and Connection Examples Introduction This section introduces two connection examples using SecureCRT version 5 0 4 Basic Figure 6 and the procedures that follow describle how to configure SecureCRT to Configuration connect to Vanguard SSH Server with the Password authentication method For further details on SecureCRT configurations please refer to SecureCRT s user manual Connect O89 8 amp Xx a a G Sesgnew Session Select New Session and 30 1 222_6455DES128 Select Connect Show dialog on startup C Open in a tab New Session Yy izard This wizard will help you create a new session for connecting to a remote server 2 What type of connection do you want to establish r Select SSH2 and Select Protocol Next C Do not use this wizard when creating sessions New Session YYizard What is the name or IP address of the remote host The user name can be left blank 3 Hostname 150 30 1 222 Type the IP address assigned to lt lt SSH Server and User Name Pott 22 configured in Local User Firewall None 3 Configuration in Username Username leah Select Next Figure B 6 SecureCRT Configuration with Password Authentication Method B 8 SSH Configuration Samples SecureCRT Configuration and
14. 3 Verify Passord 123 User Privilege Service User Group All User Public Key blank SSH Record Configuration SSH Sever Enable Disable RSA Enabled SSH Authentication Method Password Figure 5 Password Authentication Method Only 13 T100 17 Revision E Release 7 1 Configuring ONS User Configuration Local User Configuration Record Example 2 Password Public authentication methods Key 14 BC SSH Client SSH Client lt _________ gt User Name vanguard Passphrase SSH123 Password 123 Public Key Generated SSH Client Key Generator ssh rsa AAAABSNzaC1yc2EAAAABJQA AAIBzcR5KLAsGvwpATzA6e24 CkEaaa5 zycGD2vY81P91C XBgsAqmbzNlyZkmrMxZy6Ryt7 Oeeow ad3BskzfNyG4GM4hy9f BmWeyRT6zGWkKuZclUZ WK3 CCL9hv fpthZ8ewOGFuhTFtaE XVMvXN1gs O0S8Y5K9tk234iq aDe xw rsa key 20050217 Figure 6 shows the SSH configuration for using both the Password and Public Key Node 100 Are o Vanguard SSH Server SSH Server Local User Configuration User Name vanguard Password 123 Verify Passord 123 User Privilege Service User Group All User Public Key AAAAB3NzaC1yc2EAAAABJQA AAIBzcR5KLAsGvwpATZzA6e24 CkEaaa5 zycGD2vY81P91C XBgsAqmbzNlyZkmrMxZy6Ryt7 Oeeow ab3BskzfNyG4GM4hy9f BmWeyRT6zGWkKuZclUZ WK3 CCL9hv fpthZ8ewOGFuhT FtaE XVMvXN1gs O0S8Y5kK9tk234iq aDe xw SSH Record Configuration SSH Sever Enable Disable RSA Enabled SSH Authentication Method Password Public Key Fi
15. 31 03 VANGUARD 6455 Version V6 51IPO4B 110305M5 6455 Copyright CC 1969 2001 Vanguardls LLC 7 Copyright ic JEF 7 AGE Logic Inc San Diego 411 rights Node Mode ess ffo0 iate L Nevy 2005 Time 12 31 03 Menu Main ath Main rvedi rved rvedi ri m Ln Za Beet gt Fe Be ee hse 1 wW w w iT m Logout Examine List Monitor Oo D e H m m h il no on om m rvedi ryved ryvedi rved ryedi ri m m Ho H m m om L h il to iT oo J ih in H m i m rwedi rved Command Line Inter io oo J io co H m a t m R m L iT OK prompts might appear a couple of times Please keep typing atds or ATDS until Main Menu appears Figure B 2 Vanguard Main Menu Screen Example 2 describes how to configure PuTTY to connect to Vanguard SSH Server with both Password and Public Key authentication methods at the same time For further details on PuTTY configurations please refer to PuTTY s user manual B 3 PuTTY Configuration and Connection Examples puttygen exe To generate public and private keys with PuTTY Key Generator run puttygen exe Generate Public and refer to the steps in Figure 3 and the procedures that follow Key c PuTTY Key Generator File Key Conversions Help Key No key Select Generate Actions Generate a public private key pair Generate Load an existing private key file Save the generated key Parameters Type
16. A Public Key the feature is disabled This example shows how to configure SSH Server to use Password and Public Key at the same time Local User Configuration Entry Number 2 2 2 User Name blank leah2 2 Password 123 2 Verify Password 23 2 User Privilege Read Only Service 2 User Group All 2 User Public Key blank AAAAB3NzaClyc2EAAAABJQAAAIBzcRS5KLAsGvwpATzA6e24CkEaaa5 zycGD2vY81P91C XBgsAqmbzNlyZkmrMxZy6Ryt7Oeeow as53Bskzf NyG4GM4hy9fBm WeyRT6zGWKuZcIUZ WK3CCL9Yhv fpthZ8ewOGFuhTFtaExV MvXNlgs O0S8Y5K9tk234iqaDe xw E Note The copied alphanumeric characters in User Public Key must match to the key generated by SSH Client s Key Generation Wizard EXACTLY Make certain to copy the key LINE BY LINE to User Public Key parameter because the copied key must not include any space or new line Configure SSH Record SSH Server Enable Disable RSA Enabled SSH Authentication Method Password Public Key E Note The copied alphanumeric characters in User Public Key must match to the key generated by SSH Client s Key Generation Wizard EXACTLY Make certain to copy the key LINE B Y LINE to User Public Key parameter because the copied key must not include any space or new line SSH Server Configuration Samples Generate RSA Generate SSH Server RSA Key Pair Key Pair The RSA Public Key Main 6 18 1 AAAAB3NzaClyc2EAAAADAQABAAAAgQDKS5cDsTucR1W8QbdM 1RuLdUHsA Ot6b2dJV DA3rcUiu1b8dQ0c8S
17. B gt a SuSla et e Ok atda COHHECT 3 Hoded55 L NOV 2005 15 58 S5H S CONNECTED TO ControlPort Press any key to continue i ESC to exit gt Connected to the Control Port on Node Nodebd55 _ at 1 NOV 2005 15 58 25 VANGUARD 6455 Version Vb 5TPO04b_ 110S05M5_6455 Copyright iC 1969 2001 Vanguard s LLE Copyright ic 1995 by AGE Logic Inc San Diego CA All rights reserved Hode Nodebd55 Address 64545 Iate LF NOY 2005 Time 15 58 25 Menu Main Path Main 1 Logout 19 reserved 2 Examine 20 reserved Ready ssh2 3DES 24 14 24Rows 80 Cols W100 Figure B 7 SecureCRT Configuration with Password Authentication Method SSH Configuration Samples SecureCRT Configuration and Connection Examples Example 2 Password Public Key The example below shows how to configure SecureCRT to connect to Vanguard SSH Server with Password and Public Key authentication methods For further details on SecureCRT configurations please refer to SecureCRT s user manual To generate a Public Key using SecureCRT refer to the steps in Figure 8 Key Generation izard The Kep Generation Wizard helps you create a public private key pair used for authentication Separate files will be created for your public and private keys To begin using your key you will need to copy the public key file to a directory on the SSH host after the wizard is finished See Help or contact your SSH server administrato
18. BDdDCrfJ9X gSTxxdCyfti7jA1K 8n7jnJM3cY9dDB1ZfBcSeS5siB5p7sd kjfU VvhH7ZBeb YOY giInhLmlQfB1QLITxK84EqHdttF C9Q gcWjloC cgV w E Note Make certain to generate RSA Key Pair Without the RSA Public Key the feature is disabled However it is not necessary to generate an RSA key every time when making configuration changes The node uses the same generated key unless it is deleted from Delete Menu SSH Server Configuration Samples A 3 A 4 SSH Server Configuration Samples Appendix B SSH Configuration Samples Overview Introduction This appendix provides configuration samples for SSH client applications such as PuTTY version 0 58 and SecureCRT version 5 0 4 showing the corresponding configuration parameters of Vanguard SSH Server As PuTTY and SecureCRT update their applications to fix their own known bugs on a regular basis please make sure to read Vanguard Release Notice and their updates before using this feature For further details on the SSH client applications please refer to their user manuals SSH Configuration Samples B 1 PuTTY Configuration and Connection Examples PuTTY Configuration and Connection Examples Introduction This section introduces two connection examples using PuTTY version 0 58 Example 1 Figure 1 shows how to configure PuTTY to connect to Vanguard SSH Server with Password ONLY Password authentication method For further details on PuTTY configurations please refer to PuTTY s user manual
19. aterial Eric Young is a contributor to the soft encryption module Copyright C 1995 1998 Eric Young eay cryptsoft com All rights reserved THIS SOFTWARE IS PROVIDED BY ERIC YOUNG AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PAR TICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPE CIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABIL ITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Information and software in this document are proprietary to Vanguard Networks or its Sup pliers and without the express prior permission of an officer may not be copied reproduced disclosed to others published or used in whole or in part for any purpose other than that for which it is being made available Use of software described in this document is subject to the terms and conditions of the Software License Agreement This document is for information purposes only and is subject to change without notice Part No T100 17 Rev E Publication Code TK First Printing April 2005
20. c Key
   (key text omitted)
   Press any key to continue (ESC to exit)
   Figure 8: Example of RSA Key Pair Status
   Managing SSH Server Configurations
   Introduction: This section describes routine configuration management tasks you can perform with SSH Server.
   Tasks: You can perform these tasks:
   • Examine configurations
   • List configurations
   • Delete Local User Configuration entries, SSH Server Record, and RSA Key Pair
   See the following for details on these tasks.
   Examining Configurations
   How to: Follow these steps to examine SSH Record configurations.
   Step 1: Select Examine Network Security from Examine menu. The Examine Network Security menu appears.
   Step 2: Select Examine SSH Record. The Examine SSH Record screen appears (see Figure 9).
   Example:
      Node Node 985 Address 985 Date 24 MAR 2005 Time 19 05 2
      Menu Record Examination Page 1 of 1
      SSH Server Enable Disable RSA Enabled
      SSH Authentication Method Password
      Press any key to continue (ESC to exit)
   Figure 9: Examine SSH Record Screen
21. ction: This section describes algorithms and authentication methods supported by the Vanguard SSH Server.
   Encryptions:
   • 3DES-CBC
   • AES-CBC
   Note: AES-CBC is supported by Release 7.1.R00A and later. It requires a hardware encryption card (ECC SIMM or AEC PMC).
   Data Integrity:
   • HMAC-SHA1
   • HMAC-MD5
   Key Exchange Method:
   • Diffie-Hellman Group1 SHA1
   • Diffie-Hellman Group Exchange SHA1
   Public Key Algorithm:
   • SSH-RSA
   Note: Data compression is not supported by the Vanguard SSH.
   Supported Platforms:
   • Releases prior to 6.5.P04A support SSH with hardware encryption ONLY and require Security License for Vanguide, selecting both SSH and IPSec to create an image.
   Table 1: Supported Platforms Prior to Release 6.5P04A (table contents not recoverable; surviving cells: N/A, 6435/55, N/A, 7310/7330)
   NOTE: ECC SIMM for v342 and v340 E and AEC PMC Card for 7300 are required to use this feature with releases prior to 6.5P04A.
   • Release 6.5P04A and later supports both hardware encryption (SSH) and software encryption (SoftSSH).
   Table 2: Supported Platforms After Release 6.5P04A and Prior to 7.0.R000 (table contents not recoverable)
   NOTE: 6840/6841 was supported by 6.5.P30A.
   Table 3: Supported Platforms After Release 7.0.R000 and Prior to 7.1.R00A (table contents not recoverable)
   NOTES:
   • From 7.0.R000, no need to include IPSec in an image to use the SSH feature.
22. d Connection Examples B 8 Index 1 Server Configuration Samples SSH A 1 SSH Configuration Samples B 1 SSH Connection Protocol 1 1 SSH CTP access only 1 2 SSH Server Configuraton Samples A 1 SSH Server Statistics 1 15 SSH Transport Layer Protocol 1 1 SSH User Authentication Protocol 1 1 SSH2 Protocol Support 1 1 SSH RSA public key algorithm 1 3 Symmetric Cipher 1 2 T TCP port defined 1 2 Typical SSH Application 1 1 U Update System Parameters Menu 1 6 V Vanguard SSH Server Configuration Samples 1 13 vsh replacement by SSH 1 1 Index 2 Index continued
23. e for IP address Part 150 30 1 203 SSH Protocol C Baw Telnet C Rlogin Load save or delete a stored session paved Sessions 150 30 1 203_PublicPrivate Default Settings 150 30 1 203 160 30 1 203_ PublicPrivate Load Save Delete Close window on exit O Always C Never Only on clean exit Select Open Figure B 4 PuTTY Private Key Configuration B 6 SSH Configuration Samples PuTTY Configuration and Connection Examples Enter both User Name configured in Local User Configuration and Passphrase created when generating public and private keys with PuTTY Key Generator putty gen exe E Note You must enter the passphrase EXACTLY as the one created with PuTTY Key Generator Login as leah2 lt ENTER gt Passphrase for key rsa key 20052017 leah123 Leah2 150 30 1 222 s password ABC lt ENTER gt OK Type atds or ATDS lt ENTERS gt to login E Note Do not type atdsO or ATDSO of 150 30 1 222 PuTTY login as leahz Further authentication required Authenticating with public key rsa key Z0051117 Passphrase for key rsa key Z0051117 Further authentication required leah24150 50 1 222 s password OF atda CONNECT 3 Node6455 17 Nov 2005 15 31 SSH 1 CONNECTED TO ControlPort Press any key to continue ESC to exit E Note OK prompts might appear a couple of times Please keep typing atds or ATDS Figure B 5
24. elect Delete Network Security > Delete SSH from Delete menu. The Delete Network Security menu appears.
   Step 2: Select Delete SSH Record and enter y to proceed. The record is deleted (see Figure 12).
   Example:
      Enter Selection 1
      Delete SSH record
      Proceed (y/n) y
      Record Deleted
      Press any key to continue (ESC to exit)
   Figure 12: Delete SSH Record Menu
   Deleting RSA Key Pair
   How to: Follow these steps to delete the RSA Key Pair.
   Step 1: Select Delete Network Security > Delete SSH from Delete menu. The Delete Network Security menu appears.
   Step 2: Select Delete RSA Key Pair and enter y to proceed. The record is deleted (Figure 13).
   Example:
      Enter Selection 2
      Delete SSH Server RSA Public Key
      Are you sure you want to delete the RSA key pair (y/n) y
      Record Deleted
      Press any key to continue (ESC to exit)
   Figure 13: Delete RSA Key Pair Screen
   Appendix A: SSH Server Configuration Samples
   Overview
   Example 1: Password ONLY (ONS User Configuration, Main 8 6; Configure SSH Record, Main 6 18 1)
   Introduction: This appendix provides configuration samples for Vanguard SSH Server. For further details on the configuration parameters, please refer to "Configuring SSH Server Configuration Record". Configuring SSH Server is very simple, and there is no need to boot configuration changes t
25. ell Password leah st SU 30 1 222 requires a password Please enter a password now 2 Type Password configured in Local User Configuration Username Example Password Password abe lt ENTER gt Save password Te Type Passphrase configured in Enter Secure Shell Passphrase SecureCRT when generating the Enter a passphrase to decrypt your private key for public key in Figure 8 leah st 50 30 1222 Example Comment AUT AT Sy ae oe Passphrase leah123 lt ENTER gt Pasephrase 4 Type atds or ATDS and press ENTER to login E Note Do not type atds0 or ATDSO a 150 30 1 222 SecureCRT Eile Edit View Options Iransfer Script Tools Help JHU IE Earr Ee amp 150 30 1 222 3 Node6455 17 NOY 2005 16 46 SSH 1 CONNECTED TO ControlPort Press any key to continue lt ESC to exit gt ssh2 3DES 8 47 24Rows 80 Cols YT100 Figure B 10 Connecting to a Vanguard SSH Server with SecureCRT Password and Public Key authentication methods SSH Configuration Samples B 17 SecureCRT Configuration and Connection Examples SSH Configuration Samples Numerics 3DES CBC encryption 1 3 B Blank name users 1 6 C Choice of the hash algorithm 1 2 Choice of the message authentication algorithm 1 2 Choice of the public key algorithm 1 2 Choice of the symmetric encryption algorithm 1 2 Configuration and Connection Examples PuTTY B 2 SecureCRT B 8 C
26. fines User Name, Password and Public Key.

To configure a user name, password and a client public key (if necessary), follow these steps to access the Local User Configuration Menu:
1. Update System Parameters from the CTP Main menu. The Update System Parameters menu, similar to that shown in Figure 2, is displayed.
2. Select ONS User Configuration. The Local User Configuration parameters appear in sequence.

[Figure 2: Update System Parameters Menu (Path: Main 8)]

Entering a displays online Help for the current parameter option on the screen.

Note: Blank name users, such as Managers, cannot configure a public key. Therefore it cannot be used for a SSH connection.

Parameters

Configuring SSH Cl
27. gure 6 Password and Public Key Authentication Methods

Note: Make sure to copy the public key to User Public Key precisely. You MUST copy the public key LINE BY LINE, not including any spaces and new lines.

Note: When copying the public key generated by SSH Client's Key Generator Wizard, you must copy the part of key in GREEN. No space or new line is included in the copied key.

SSH Server Statistics

Introduction: This section describes how to view SSH Server statistics.

Follow these steps:
1. Select Status/statistics > Network Security Stats from the CTP Main menu. The Network Security Stats menu, similar to that shown in Figure 7, is displayed.
2. Select the SSH Statistics menu. The Show RSA Key Pair appears.
3. Select the Show RSA Key Pair. The SSH Server RSA Public Key is displayed if it was already generated.

Type of Statistics: You can generate the following statistics:
• SSH Server RSA Public Key Statistics

[Figure 7: SSH Statistics (menu screen with the Show RSA Key Pair option)]

What You See In This Screen:
    Enter Selection: 1 <ENTER>
    Display SSH Server RSA Public Key
    The RSA Publi
28. ient Configuration Parameters

The Local User Configuration can have 64 entries, and each entry contains these parameters.

Note: No boot is required for configuration changes to take effect.

User Name
  Range: 0 to 64 alphanumeric characters (use the space character to blank field)
  Default: (blank)
  Description: ONS User Name

Password
  Range: 0 to 32 alphanumeric characters (use the space character to blank field)
  Default: (blank)
  Description: ONS User Password

Verify Password
  Range: 0 to 32 alphanumeric characters (use the space character to blank field)
  Default: (blank)
  Description: ONS User Password

User Privilege
  Range: Read Only, Diagnostic, Basic Plus, Medium Level, High Level, Service, Engineering
  Default: Read Only
  Description: ONS User Password
    Read Only: Privileges to Examine, List, Monitor, and Status Menus
    Diagnostic: Privileges to Read Only, Diagnostic Menu
    Basic Plus: Privileges to Diagnostic, Booting and Lan Control
    Medium Level: Privileges to Basic Plus, Basic Configuration
    High Level: Privileges to Medium Level, Port configuration and Others
    Service: Privileges to High Level, User Management Configuration
    Engineering: Privileges to All Configurations

User Public Key
  Range: 0 to 300 alphanumeric characters
29. ipt tbbF2gDWy3F rQpwiv llacbxOyFUIP eceghO7gJk8N16k im2cduG5NGwZ5 uLv8wm46SW HVuLZ0 IpReskJUkauSGxnd95ev6 lyterd1WAaNyT ZfLFUrghbwvwlQ ani END Done PUBLIC KEY Ln 7 Col 69 E Note You must copy the key LINE BY LINE Do not copy the key by selecting the whole key at one time Figure B 9 SecureCRT Configuration Identity pub Window SSH Configuration Samples B 15 SecureCRT Configuration and Connection Examples SSH Server Configuration ONS User Configuration Local User Configuration Main 8 6 Entry Number 1 3 3 User Name blank leah3 3 Password abe 3 Verify Password abe 3 User Privilege Service 3 User Group All 3 User Public Key blank AAAAB3NzaClyc2EAAAADAQABAAAAgQDSTLIO2NZ4Ju iVSOFxme BcdjeJjeyJ QOJ5BFLeY S4fip bbF2gDWy3FrQpwjvVllacbx0yFUIP eceghO7 Jk8M16kim2cduGSNGwZSuLv8wm46SW HVuLZOIpResx JU kauSGxn595ev6lyterS1 WAaNyT ZfLFUrghbwvwIQ E Note The copied alphanumeric characters in User Public Key must match to the key generated by Key Generation Wizard not missing even a single character To connect to a Vanguard SSH Server with Password and Public Key authentication methods refer to the steps in Figure 10 SSH Configuration Samples SecureCRT Configuration and Connection Examples Connect JY wa ft Be X amp G Sessions A 150 30 1 222 A 150 30 1 222 6455DES128 Select Connect Show dialog on startup _ Open in a tab Enter Secure Sh
30. nerator Configuration B 4 SSH Configuration Samples SSH Server Configuration ONS User Configuration SSH Server Configuration SSH Record SSH Server Configuration Generate RSA Key Pair PuTTY Configuration and Connection Examples Local User Configuration Main 8 6 Entry Number 1 2 2 User Name blank leah2 2 Password A BC 2 Verify Password A BC 2 User Privilege Read Only Service 2 User Group AII 2 User Public Key blank AAAAB3NzaClyc2EAAAABJQAAATEAwWLQOrvofAJWbASQ48KnjiNs5t3pX6H IwQQIM4CTEMofZEWS81c6yZT9fPSkKBgRx2CA K1Ut FWd7 OOKXxB4 SAYbDKTJqywgYISYIrRETsPUY gl wwf Ao0A60h7sGcHHi4F znlQ Z3rcsJk 69PEBBOsUnrZPI2Z2QPKoxTvb f kZZhCBxU E Note The copied alphanumeric characters in User Public Key must match to the key generated by SSH Client s Key Generation Wizard EXACTLY Make certain to copy the key LINE BY LINE to User Public Key parameter because the copied key must not include any space or new line SSH Record Configuration Main 6 18 1 SSH Server Enable Disable RSA Enabled SSH Authentication Method Password Password Public Key Generate SSH Server RSA Key Pair Main 6 18 2 The RSA Public Key AAAAB3NzaClyc2EAAAADAQABAAAAgQDKScDsTucRIW8Qb dM1RuLdUHsA Ot6b2dJV DA 3rcUiul1 b8dQ0c8S BDdDCrfJ9X oSTxxdCyfti7jA1K 8n7jnJM3cY 9dDB1ZfBcSe5siB5p7sdkjfUVvh H7ZBebY0Y ginhLm1QfB1QLITXK84EqHdttF C9Q scWjloC cgV w E Note Make certain to generate RSA Key Pair With
31. o take effect Once those changes are saved they will be activated Below are the basic configuration samples for the Password only and Public Key authentication methods E Note The node needs an IP configuration for an SSH session Make sure to configure the IP related parameters and boot the node to activate those configuration changes BEFORE you start configuring SSH related parameters The section below describes how to configure the SSH Server to use Password authentication method Local User Configuration Entry Number 1 1 1 User Name blank leah1 1 Password 1 23 1 Verify Password 23 1 User Privilege Read Only Service 1 User Group All 1 User Public Key blank E Note Leave User Public Key blank if SSH Authentication Method in SSH Record is set to Password ONLY Configure SSH Record SSH Server Enable Disable RSA Enabled SSH Authentication Method Password SSH Server Configuration Samples A 1 Generate RSA Key Pair Main 6 18 2 Example 2 Password Public Key ONS User Configuration Main 8 6 Configure SSH Record Main 6 18 1 A 2 Generate SSH RSA Key Pair The RSA Public Key AAAAB3NzaCl yc2EAAAADAQABAAAAgQDKScDsTucR1W8Q bdM1RuLdUHsA Ot6b2dJV DA 3rcUiu 1 b8dQ0c8S BDdDCrfJ9X eSTxxdCyfti7jA 1K 8n7jnJM3cY9dDB1ZfBcSeSsiB5p7sdkjfUVv hH7ZBebYOY gInhLmlQfB 1 QLITxK84EqHdttF C9Q gcWjloC cg V w E Note Make certain to generate RSA Key Pair Without the RS
32. of key to generate O SSH1 RSA SSH2 RSA SSH2 DSA Number oi bits in a generated key 1024 x Pul TY Key Generator File Key Conversions Help Key Public key for pasting into OpenSSH authorized_keys file ssh tsa ASSABSNzaCT yo2ESAASABIOAAAIEAWwLOrvolAJWbAS QO 48K niIN St3pX6HI3wOQ 1M4 CTEMofZEW 81 cByZT SIP5kBgRx2CAK1 Ut PWwd7 00kxX B 4 84 bk TJ qpwaYlSY IRE TsPUYg1 wwf 40460h sGcHHi4F2nlQZ3rcsJKBSPEBBOsUniZPIZ0 PKoxT vb fkZZhC BxU rsa key 20051117 Key fingerprint ssh tsa 1024 bd Be b4 30 a6 2c e4 86 da d5 b3 d5 fe bd 46 31 Key comment rsa key 20051117 Key passphrase TITO Confirm passphrase eee ece Actions Generate a public privat key pair Load an existing privat key file Load Save the generatedkey Save public key Save private key Parameters Type of key to generate SSH1 RSA SSH2 RSA SSH2 DSA Number of bits in a generated key 1 024 Enter an arbitrary Key G Copy the key information in Public key for pasting into Open SSH passphrase authorized _key file to User Public Key in Local User Configuration Example leah123 DELETING the text strings ssh rsa and rsa key xxxxxxxx from the beginning and the end of the key generated Save both public and private keys on your PC E Note Must copy the key LINE BY LINE not including any new line or space Do not copy the whole key by selecting all of it at one time Figure B 3 PuTTY Key Ge
33. on on the screen

Configuring SSH Server Configuration Record Parameters

Parameters: The SSH Server Configuration Record contains these parameters.

Note: No boot is required for configuration changes to take effect.

SSH Server Enable/Disable
  Range: Disabled, RSA Enabled, DSS Enabled
  Default: Disabled
  Description: Enable/Disable SSH Server

SSH Authentication Method
  Range: Password, Public Key
  Default: Password
  Description: SSH Authentication Methods. Multiple choices can be made, like Password+Public Key.

Generating Server Key Pair

Introduction: The Generate RSA Key generates a key pair for the server. You must generate a key pair at least once. Once the key pair is generated, you do not have to regenerate it unless it is required. The key size is by default 1024 bits and is not configurable.

Note: Vanguard SSH supports RSA only.

To generate a key pair, follow these steps to access the Generate RSA Key Pair Menu:
1. Select Configure > Configure Network Security > Configure SSH from the CTP Main menu. The Configure SSH menu, similar to that shown in Figure 4, is displayed.
2. Select Generate RSA Key Pair. The RSA Key Pair is generated
34. onfiguration Samples SSH B 1 Configure SSH Menu 1 9 I 11 Configuring ONS User Configuration 1 6 Configuring SSH Client Configuration Parameters 1 7 Configuring SSH Server Configuration Record 1 9 Configuring SSH Server Configuration Record Parameters 1 10 D Data compression 1 3 Delete Local User Configuration entries 1 17 Delete ONS User Menu 1 20 Delete RSA Key Pair 1 17 Delete RSA Key Pair Screen 1 22 Delete SSH Record Menu 1 21 Delete SSH Server Record 1 17 Deleting Local User Configurations 1 20 Deleting RSA Key Pair 1 22 Deleting SSH Record Configuration 1 21 Diffie Hellman Group Exchange SHAI key ex change method 1 3 Diffie Hellman Group1 SHAI key exchange method 1 3 DNS spoofing 1 1 E Examine configurations 1 17 Examine SSH Record Screen 1 18 Examining Configurations 1 18 Index G Generating Server Key Pair 1 11 H HMAC MD5S data integrity 1 3 HMAC SHA data integrity 1 3 I IP source routing 1 1 IP spoofing 1 1 K Key exchange 1 2 L List configurations 1 17 List SSH Record Screen 1 19 Listing Configurations 1 19 M Managing SSH Server Configurations 1 17 N Network Security Stats 1 15 O Online Help 1 6 P Password and Public Key Authentication Methods 1 14 Password Authentication Method Only 1 13 PuTTY Configuration and Connection Examples B 2 R rlogin replacement by SSH 1 1 rsh replacement by SSH 1 1 S Secure Shell SSH protocol 1 1 SecureCRT Configuration an
35. out the RSA Public Key the feature is disabled However it is not necessary to generate an RSA key every time when making configuration changes The node uses the same generated key unless it is deleted from Delete Menu SSH Configuration Samples B 5 PuTTY Configuration and Connection Examples PuTTY Private Key To connect to a Vanguard SSH Server using PuTTY Private Key refer to the steps in Figure 4 of PuTTY Configuration Category a Session Logging E Terminal Keyboard Bell Features vv iniclow Appearance Behaviour Translation Selection Colours E Connection Proxy Telnet Riloqgin SSH Tunnels Bugs Options controlling S3H authentication Authentication methods Attempt TIS or CryptoCard auth SSH1 select the private key tempt keyboard interactive auth SsHe saved for Private key file for authentication Authentication parameters Allow agent forwarding Allow atternoted changes of username in SSH2 Private key file for authentication C Features SSH Privatekey ppk Select Open of PuTTY Configuration Category Logging E Terminal Keyboard Bell Features vv indow Appearance Behaviour Translation Selection Colours E Connection Proxy Telnet Rloqgin SSH Auth Tunnels Bugs Enter an IP address to get access to Vanguard SSH Server via SSH Basic options for wour PuT TY session specify your connection by host name olPectiress Host Nam
36. phrase and click Next Example Passphrase leah123 Select Next Q Keep on moving the mouse and once Next button is available to select click Next Figure B 8 SecureCRT Configuration with Public Key Authentication Method Continued SSH Configuration Samples SecureCRT Configuration and Connection Examples Key Generation izard Choose a directory and filename for the private key The public key will use the same directory and filename with a pub extension Private key filename Settings 1 01 27 4pplication Date anDyke l dentit Public key filename Save the generated key aR and select Finish C Documents and Settings 10121 4pplication Dat After exiting the Wizard upload the public key file to the appropriate folder on your SSH server See help or r 4 your SSH server documentation for more intormabi n Select Yes when using Public Key Otherwise select No It can be Secure Ch T configured later as well in SSH2 of Global your global public key Options as shown below Global Options Category g General SSH Default Session Terminal Public key Appearance Use identity file ANSI Color l z Cda chanics C Features SSH SecurelR TY Identity a i jnt 42 05 45 f2 94 dd 4d 07 4c 3c fe d0 b5 21 70 38 S Printing Fingerprint coce Advanced Create Identity File Change Passphrase
37. r for more information Generate a Public Key Select Tools gt Create Public Key 2 Select Next Key Generation Y izard Select the type of public key to generate Most servers P i support DSA kens Many servers may not support ASA Select RSA keys Key type 2 Select Next Figure B 8 SecureCRT Configuration with Public Key Authentication Method SSH Configuration Samples SecureCRT Configuration and Connection Examples Key Generation izard Enter a passphrase which protects pour encrpted private key The passphrase is optional but if itis not used the private key will not be encrypted not recommended Passphrase Confirm Passphrase Enter a comment that will be displayed when vou are asked for your passphrase lt will be stored with your key Comment MO ear 21 ckOg421 Key Generation izard lower number provides less security takes less time to generate and authenticates faster 4 higher number provides greater security takes more time to generate and authenticates more slowly 1024 is the recommended value Cancel Key Generation izard Please move the mouse until the progress bar stops moving This provides important random input that i used during key generation The key is now being generated This could take from a few seconds to several minutes depending on the key length selected and the PC s processor speed Enter an arbitrary pass
38. sonnel at intermediate hosts
• Attacks based on monitoring X authenticating data and spoofing connection to the X11 server

The SSH protocol consists of three major components:
• Transport Layer Protocol: provides server authentication, confidentiality, and integrity with errorless forward secrecy
• User Authentication Protocol: authenticates the client to the server
• Connection Protocol: multiplexes the encrypted tunnel into several logical channels

[Figure 1: Typical SSH Application (SSH Client, insecure network connection, encrypted SSH tunnel, SSH Server)]

Functional Description

Overview; SSH Protocol Architecture; Transport Layer; Authentication Layer; Connection Layer; Public Key Management; Authentication with ONS RADIUS Feature

SSH is currently used for CTP access only. The SSH server acts as a remote access server.

In SSH communication, a secure transport layer is created so the client knows it is communicating securely with the correct server. The communication is encrypted using a symmetric cipher.

The SSH TCP/IP transport layer is security enhanced by encrypting and decrypting data and data packets as they are sent and received. In addition, the transport layer provides server authentication. The layer permits:
• Key exchange
• Choice of the public key algorithm for use
• Choice of the s
39. ymmetric encryption algorithm for use
• Choice of the message authentication algorithm for use
• Choice of the hash algorithm for use

Note: The Vanguard SSH Server does not support compression.

Note: The TCP port defined for SSH is port 22. This port cannot be changed.

SSH authentication layer authenticates the client side user to the server. It runs over the SSH transport layer protocol. Client side authentication methods supported:
• Password authentication method
• Public key authentication method

SSH connection layer multiplexes the encrypted tunnel into several logical channels. It also manages the SSH sessions. It runs over the SSH user authentication protocol and transport layer protocol.

SSH manages Public Keys by allowing the user to:
• Generate key pair for the RSA server
• Import client public keys
• View, List, Delete client public keys and server key pairs, etc.

Release 7 0ROOO and beyond supports SSH and Radius Client inter-working for password authentication only. There are no configuration changes in SSH required to support this functionality. To affect this inter-working, SSH has been added to the list of supported applications in the Radius Client configurable parameters, along with the existing access points: CTP, Telnet, and HTTP. Refer to the RADIUS user documentation for more information on how to configure ONS users for Radius authentication.

SSH Server Supported Features Supported Features Introdu
