Secure (SSH) connection
We recommend that Users and Administrators use SSH as the security protocol when connecting to (and through) Opengear console servers - particularly when connecting over the Internet or other public network.
SSH provides authenticated, encrypted communications between the remote client program and the console server. The following are some of the supported SSH client programs:
- SDTConnector is a free open source SSH Java client that ships with each console server. It can autoload the console server configuration details and set up SSH tunnels so communications are port-forwarded through the console server, ensuring secure connectivity with attached network and serial devices (refer to faq 265)
- PuTTY is a complete (though not user friendly) freeware implementation of SSH for Windows and UNIX platforms
- SSHTerm is a useful open source SSH communications package
- SSH Tectia is a leading end-to-end commercial communications security solution for the enterprise
- Reflection for Secure IT (formerly F-Secure SSH) is another good commercial SSH-based security solution
For a more general overview of SSH, refer to faq 249.
SSH connection using PuTTY (example)
PuTTY runs as an executable application which can be freely downloaded from the PuTTY Download Page.
- Enter the console server's IP address as the 'Host Name (or IP address)'

- To connect to the console server itself, select 'SSH' and enter 22 as the Port. Then click the 'Open' button and you will be presented with the command line login prompt to access the console server's Linux kernel.
From there you can check whether agetty is running (# ps -aux | grep agetty), check which serial ports were detected during boot (# dmesg | grep tty), or execute any of the other commands covered in faq 233.
- You can also SSH connect directly to serially connected Managed Devices. The SSH port address for direct access to a serially connected device is IP Address - Port (3000 + serial Port #). So to connect to a Managed Device on Port 1, set the 'TCP port' to 3001. Again click 'Open' and you will be presented with the login prompt from the remote Managed Device.
- Alternatively, SSH connections to attached devices can be configured using the standard SSH port 22. The serial port being accessed is then identified by appending a descriptor to the username. This syntax supports any of:
<username>:<portXX>
<username>:<port label>
<username>:<ttySX>
<username>:<serial>
So for a User named 'fred' to access serial port 2 when connecting with the SSH client (e.g. SSHTerm or PuTTY SSH), instead of responding with username = 'fred' and ssh port = '3002', the alternative is to type username = 'fred:port02' (or username = 'fred:ttyS1') and ssh port = 22.
Another option is to type username = 'fred:serial' and ssh port = 22, and the user will be presented with a port selection menu.
The above syntax enables users to set up SSH tunnels to all serial ports on a console server with only a single IP port 22 having to be opened in the console server/firewall.
- When you have finished, you can log out using the escape keys. The default escape key is '~' and the key to close is the '.' key. So to close the session, first press the Enter key to be on a new line and then press the ~. keys to terminate the SSH connection.
Note: When users are Telnet or SSH connected to Managed Devices, they can also control the power connection to the Managed Device from the command line using a hot key (refer to faq 314).
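
The two ways of addressing a serial port described above (a dedicated TCP port of 3000 + serial port number, or a descriptor appended to the username on port 22) can also be written as OpenSSH command lines. The following is an added example, not Opengear code: the function name og_ssh_cmd is hypothetical, 192.0.2.10 is a documentation address, and the two-digit portXX padding and ttySX = port number minus one are generalised from the 'fred' example for serial port 2.

```shell
#!/bin/sh
# Added example (not Opengear code). Prints the OpenSSH command line for
# reaching a console server serial port with each scheme described above.
# Assumptions: OpenSSH client; portXX is zero-padded to two digits and
# ttySX is (serial port - 1), generalised from 'fred:port02'/'fred:ttyS1'.

og_ssh_cmd() {
    mode=$1 user=$2 host=$3 port=${4:-}

    if [ "$mode" = menu ]; then
        # username:serial on port 22 brings up the port selection menu
        printf 'ssh -p 22 -l %s:serial %s\n' "$user" "$host"
        return 0
    fi

    # Accept only a plain positive integer of at most four digits, with no
    # leading zero (a sanity bound; also avoids octal parsing in $(( ))).
    case $port in
        ''|*[!0-9]*|0*|?????*)
            echo "invalid serial port: '$port'" >&2
            return 1 ;;
    esac

    case $mode in
        direct) # one TCP port per serial port: every 3000+N must be reachable
            printf 'ssh -p %d -l %s %s\n' "$((3000 + port))" "$user" "$host" ;;
        port)   # descriptor in the username: only TCP 22 must be reachable
            printf 'ssh -p 22 -l %s:port%02d %s\n' "$user" "$port" "$host" ;;
        tty)    # same, addressed by Linux device name
            printf 'ssh -p 22 -l %s:ttyS%d %s\n' "$user" "$((port - 1))" "$host" ;;
        *)
            echo "unknown mode: $mode" >&2
            return 1 ;;
    esac
}

# Constructed sample: user 'fred', serial port 2, documentation address.
for m in direct port tty menu; do
    og_ssh_cmd "$m" fred 192.0.2.10 2
done
```

With the username forms, a firewall in front of the console server needs only TCP 22 open, whereas the direct form needs each 3000 + N port that will be used.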