8: SSH and SSL Security
XPort AR User Guide 126
b) If the keys do not exist, select the Key Type and the key’s Bit Size from the
Create New Keys section. Click Submit to create new private and public
host keys.
Note: Generating new keys with a large bit size results in very long key
generation time.
3. Click SSH → Server Auth Users from the navigation menu. The SSH Server:
Authorized Users page displays.
4. Enter the Username and Password for authorized users.
5. If available: locate the Public RSA Key or the Public DSA Key by clicking
Browse. Configuring a public key results in public key authentication; this
bypasses password queries.
Note: When uploading the certificate and the private key, ensure the private
key is not compromised in transit.
SSH Client Configuration
To configure the XPort AR as an SSH client, there is one requirement:
An SSH client user is configured and exists on the remote SSH server.
To configure SSH client settings:
1. Click SSH → Client Users from the navigation menu. The SSH Client: Users
page displays.
2. (Required) Enter the Username and Password to authenticate with the SSH
server.
3. (Optional) Complete the SSH client user information as necessary. The Private
Key and Public Key automate the authentication process; when they are configured
and the user public key is known on the remote SSH server, the SSH server does
not require a password. (Alternatively, generate new keys using the Create New
Keys section.) The Remote Command is provided to the SSH server. It
specifies the application to execute upon connection. The default is a command
shell.
Note: Configuring the SSH client’s known hosts is optional. It lets the client
verify the public host key of the SSH server it connects to, which prevents
Man-In-The-Middle (MITM) attacks.
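The following added example (not XPort AR firmware or Lantronix code) illustrates the known-hosts check behind that note: the client compares the host key a server presents against the key pinned for that host, and a differing key signals a possible MITM. The host name, address and toy key values are constructed for the illustration, and the entries use the OpenSSH known_hosts line format as an assumption.

```python
import base64
import hashlib
import hmac
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def rsa_blob(e: int, n: int) -> bytes:
    """ssh-rsa public key blob (RFC 4253): key type, mpint e, mpint n.
    Each mpint gets a spare leading byte when needed so it stays positive."""
    def mpint(v: int) -> bytes:
        return ssh_string(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    return ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)

def key_type(blob: bytes) -> str:
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length].decode("ascii")

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: SHA256 of the blob, base64 without padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host_key(known_hosts: str, host: str, presented: bytes) -> str:
    """Return 'match', 'mismatch' (possible MITM) or 'unknown' (no pinned key)."""
    pinned = False
    for line in known_hosts.splitlines():
        fields = line.split()
        # Comments, @markers and hashed (|1|...) entries are out of scope here.
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        if host not in fields[0].split(",") or fields[1] != key_type(presented):
            continue
        pinned = True
        if hmac.compare_digest(base64.b64decode(fields[2]), presented):
            return "match"
    return "mismatch" if pinned else "unknown"

# Constructed sample data: toy moduli, not real keys; host name is hypothetical.
SERVER_KEY = rsa_blob(65537, 0xC0FFEE0123456789ABCDEF)
MITM_KEY = rsa_blob(65537, 0xBADC0DE0123456789ABCDEF)
KNOWN_HOSTS = (
    "# constructed known_hosts entry\n"
    f"ssh-server.example,192.0.2.10 ssh-rsa {base64.b64encode(SERVER_KEY).decode()}\n"
)

if __name__ == "__main__":
    for key in (SERVER_KEY, MITM_KEY):
        print(fingerprint(key), check_host_key(KNOWN_HOSTS, "ssh-server.example", key))
```

With no pinned entry the result is 'unknown', which is the case where a client cannot tell a genuine server from an interposed one.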
Secure Sockets Layer: SSL
SSL uses cryptography to provide authentication and privacy for messages
transmitted over the Internet. Typically, only the server is authenticated. SSL
allows client/server applications to communicate without eavesdropping or
message tampering. SSL uses the public-and-private key encryption system from
RSA, which also includes the use of a digital certificate.
SSL runs in a layer between application protocols (HTTP, SMTP, etc.) and the TCP
transport protocol. It is most commonly used with HTTP (thus forming HTTPS).
On the XPort AR, configure an SSL certificate for the HTTP server to listen on the
HTTPS port. This certificate can be created elsewhere and uploaded to the device.