Avocent CPS1610 Switch User Manual


 
Chapter 3: Operations 17
Telnet access on port 3007, then port 3107 will be a direct SSH connection for port 7. When SSH is
enabled, Telnet port 23 connections will be accepted from other clients if the Server Security
command includes the Encrypt=SSH,None parameter, which indicates that both SSH and plain text
connections will be allowed. Connections to Telnet port 23 may also be tunneled through a
connection to SSH port 22.
Telnet, DSView software and SSH clients may authenticate using a DS server.

SSH server keys
When SSH is enabled for the first time, the CPS generates an SSH server key. The key generation
process may take up to ten minutes. The key is computed at random and is stored in the CPS
configuration database.
In most cases, the SSH server key should not be modified because most SSH clients will associate
the key with the IP address of the CPS appliance. During the first connection to a new SSH server,
the client will display the SSH server’s key. You will be prompted to indicate if it should be stored
on the SSH client. After the first connection, most SSH clients will validate the key when
connecting to the CPS appliance. This provides an extra layer of security because the SSH client
can verify the key sent by the server each time it connects.
When you disable SSH and later reenable it, you may either use the existing server key or compute
a new one. If you are reenabling the same server at the same IP address, it is recommended that you
use the existing key, as SSH clients may be using it for verification. If you are moving the CPS
appliance to another location and changing the IP address, you may wish to generate a new SSH
server key.
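
The client-side check described above, as an added example that is not part of the manual: it fingerprints the RSA host key blob a server presents and compares it with the value stored for that address. The function names, the addresses and the two stand-in keys are assumptions constructed for illustration.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def rsa_blob(e: int, n: int) -> bytes:
    """Public-key blob a server presents for an RSA host key (RFC 4253)."""
    def mpint(v: int) -> bytes:
        # Positive mpint: big-endian, leading zero byte if the top bit is set.
        return ssh_string(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    return ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)


def fingerprint(blob: bytes) -> str:
    """SHA-256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def check_host_key(pinned: dict, address: str, blob: bytes) -> str:
    """Compare the presented key with the one stored for this address."""
    known = pinned.get(address)
    if known is None:
        return "new"  # first contact: the operator must confirm before pinning
    return "match" if known == fingerprint(blob) else "changed"


def demo() -> list:
    # Constructed stand-ins for two host keys; these are not real RSA moduli.
    n_a = int.from_bytes(hashlib.sha256(b"constructed key A").digest() * 8, "big") | 1
    n_b = int.from_bytes(hashlib.sha256(b"constructed key B").digest() * 8, "big") | 1
    key_a, key_b = rsa_blob(65537, n_a), rsa_blob(65537, n_b)
    pinned, results = {}, []
    # First connection to the appliance (192.0.2.10 is a documentation address).
    results.append(check_host_key(pinned, "192.0.2.10", key_a))
    pinned["192.0.2.10"] = fingerprint(key_a)  # operator accepted the key
    # SSH disabled and reenabled with the existing key: clients still verify.
    results.append(check_host_key(pinned, "192.0.2.10", key_a))
    # Same address, key regenerated: every pinned client sees a mismatch.
    results.append(check_host_key(pinned, "192.0.2.10", key_b))
    # Appliance moved to a new address: clients have no record to compare.
    results.append(check_host_key(pinned, "192.0.2.20", key_a))
    return results
```

A "changed" result after a planned key regeneration should be resolved by comparing the new fingerprint with one obtained from the appliance through a trusted channel before the stored entry is replaced.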

Authenticating an SSH user
SSH is enabled and disabled with the Server SSH command. When you enable SSH, you may
specify the authentication method(s) that will be used for SSH connections. The method may be a
password, an SSH key or both. A user’s password and SSH key are specified with a User Add or
User Set command. All SSH keys must be RSA keys. DSA keys are not supported.
Table 3.2 lists and describes the valid SSH authentication methods that may be specified with a
Server SSH command.

Table 3.2: SSH Authentication Methods

Method         Description
------         -----------
PW (default)   SSH connections will be authenticated with a username/password. With this
               method, a user’s definition must include a valid password in order for that
               user to authenticate an SSH session. A password may authenticate to a DSView
               software or RADIUS server or to the local user database.

KEY            SSH connections will be authenticated with an SSH key. With this method, a
               user’s definition must include valid SSH key information in order for that
               user to authenticate an SSH session. Key authentication is always local;
               RADIUS is not supported. For more information, see SSH user keys on page 18.