Configuring Secure Shell (SSH) server and client
Digi TransPort® Routers User Guide
542
About the Secure Shell (SSH) server
The Secure Shell (SSH) server allows remote peers to access the router over a secure TCP connection
using a suitable SSH client. The SSH server provides a Telnet-like interface and secure file transfer
capability.
SSH uses a number of keys during a session. The router uses its host keys to authenticate itself to
the connecting client. Keys unique to each SSH session are also generated; the router uses these
session keys for encryption and message authentication.
The router supports SSH v1.5 and SSH v2. The host key file format differs between the two versions,
but there would normally be only one host key for each version, so the router allows you to configure
two host key files. These keys may be changed from time to time, particularly if it is suspected that
a key has been compromised. Because the host keys must be kept secret, it is highly recommended to
store the files on the router’s FLASH filing system using filenames prefixed with priv, which makes
it impossible to read the files using any of the normal methods (such as FTP). You can use the genkey
command to create host keys in either format for use with SSH. With this utility there is no need for
the host key files to exist on any other storage device, which provides an additional level of
security. For details on generating a private key file, see Generate SSH private keys.
Unlike the Telnet server, you can configure the number of SSH server sockets that listen for new SSH
connections.
Multiple SSH server instances can be configured; each instance can listen on a separate port number
and can use different keys and encryption methods.
You can configure which message authentication (MAC) methods the router uses in an SSH session and
the order in which they are preferred. The router currently supports MD5, SHA1, MD5-96 and SHA1-96. If
required, you can specify a public/private key pair for authentication.
The router currently supports 3DES, 3DES-CBC, and AES cipher methods.
DEFLATE compression is also supported. If DEFLATE compression is enabled and negotiated, SSH
packets are compressed before they are encrypted and then delivered to the remote unit over the TCP
socket.
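As an added example (not part of this guide or the router's own software), the following Python script parses a server's SSH_MSG_KEXINIT offering and reports which of the MD5-based and truncated 96-bit MACs and the 3DES-CBC cipher named above a configured instance actually advertises, so an administrator can confirm the preferred order before relying on it. The KEXINIT sample is constructed, not captured from a router, and the function names are assumptions of this example.

```python
import struct

# SSH_MSG_KEXINIT name-lists in wire order, after the id byte and 16-byte cookie (RFC 4253 s7.1).
KEXINIT_FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
                  "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
WEAK = {"hmac-md5", "hmac-md5-96", "hmac-sha1-96", "3des-cbc"}  # flag if offered at all

def unwrap_packet(raw):
    """Strip unencrypted binary-packet framing (RFC 4253 s6) and return the payload:
    uint32 packet_length, byte padding_length, payload, random padding."""
    packet_len, pad_len = struct.unpack(">IB", raw[:5])
    return raw[5:5 + packet_len - pad_len - 1]

def parse_kexinit(payload):
    """Return {field: [names in the sender's preference order]} for a KEXINIT payload."""
    if not payload or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, fields = 17, {}
    for name in KEXINIT_FIELDS:
        (n,) = struct.unpack(">I", payload[off:off + 4])
        text = payload[off + 4:off + 4 + n].decode("ascii")
        fields[name] = text.split(",") if text else []
        off += 4 + n
    return fields

def audit(fields):
    """Return {field: [WEAK names offered]}; an empty dict means nothing needs attention."""
    hits = {}
    for name in KEXINIT_FIELDS:
        weak = [a for a in fields[name] if a in WEAK]
        if weak:
            hits[name] = weak
    return hits

def build_kexinit(lists):
    """Construct a KEXINIT payload with a zero cookie; used only to build sample input."""
    body = bytes([20]) + bytes(16)
    for name in KEXINIT_FIELDS:
        text = ",".join(lists.get(name, [])).encode("ascii")
        body += struct.pack(">I", len(text)) + text
    return body + bytes(5)  # first_kex_packet_follows = FALSE, uint32 reserved = 0

# Constructed sample resembling the algorithm set this page lists; not a real capture.
SAMPLE = build_kexinit({
    "kex": ["diffie-hellman-group14-sha1"], "host_key": ["ssh-rsa"],
    "enc_c2s": ["aes128-cbc", "3des-cbc"], "enc_s2c": ["aes128-cbc", "3des-cbc"],
    "mac_c2s": ["hmac-md5", "hmac-sha1", "hmac-md5-96", "hmac-sha1-96"],
    "mac_s2c": ["hmac-sha1", "hmac-md5"], "comp_c2s": ["none", "zlib"], "comp_s2c": ["none", "zlib"],
})
```

To check a live instance, exchange version banners over the TCP socket, then pass the next raw packet from the server (still unencrypted at this stage) through unwrap_packet() before parse_kexinit().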
Note The SSH server supports the SCP file copy protocol but does not support filename wildcards.