EDS-MD User Guide 58
10: Security Settings
The EDS-MD4, EDS-MD8 and EDS-MD16 device supports Secure Shell (SSH) and Secure
Sockets Layer (SSL). SSH is a network protocol for securely accessing a remote device. SSH
provides a secure, encrypted communication channel between two hosts over a network. It
provides authentication and message integrity services.
Secure Sockets Layer (SSL) is a protocol that manages data transmission security over the
Internet. It uses digital certificates for authentication and cryptography against eavesdropping and
tampering. It provides encryption and message integrity services. SSL is widely used for secure
communication to a web server. SSL uses certificates and private keys.
Note: The device supports SSLv3 and its successors, TLS1.0 and TLS1.1. An incoming
SSLv2 connection attempt is answered with an SSLv3 response. If the initiator also
supports SSLv3, SSLv3 handles the rest of the connection.
SSH Settings
SSH is a network protocol for securely accessing a remote device over an encrypted channel. This
protocol manages the security of internet data transmission between two hosts over a network by
providing encryption, authentication, and message integrity services.
Two instances require configuration: when the EDS-MD is the SSH server and when it is an SSH
client. The SSH server is used by the CLI (Command Mode) and for tunneling in Accept Mode.
The SSH client is for tunneling in Connect Mode.
To configure the EDS-MD as an SSH server, there are two requirements:
Defined Host Keys: both private and public keys are required. These keys are used for the
Diffie-Hellman key exchange (used for the underlying encryption protocol).
Defined Users: these users are permitted to connect to the EDS-MD SSH server.
SSH Server Host Keys
The SSH Server Host Keys are used by all applications that play the role of an SSH Server.
Specifically Tunneling in Accept Mode. These keys can be created elsewhere and uploaded to the
device or automatically generated on the device.
If uploading existing keys, take care to ensure the Private Key will not be compromised in transit.
This implies the data is uploaded over some kind of secure private network.
Note: Some SSH Clients require RSA Host Keys to be at least 1024 bits in size.
Table 10-1 SSH Server Host Keys
RSS Settings Description
Private Key Enter the path and name of the existing private key you want to upload. . In
WebManager, you can also Browse to the private key to be uploaded. Be sure the
private key will not be compromised in transit. This implies the data is uploaded over
some kind of secure private network.