Alteon Application Switch Operating System Application Guide
Securing Alteon
Document ID: RDWR-ALOS-V2900_AG1302 75
To set the interval of RSA server key auto-generation
Alteon can also regenerate the RSA server key, using the following command:
Note: This command is available when connected through either the console port, Telnet, or SSH.
The number of hours must be between 0 and 24. 0 indicates that RSA server key auto-generation is
disabled. When greater than 0, Alteon auto-generates the RSA server key every specified interval.
However, RSA server key generation is skipped if Alteon is busy with other key or cipher generation
when the timer expires.
Note: Alteon performs only one key/cipher generation session at a time. As a result, an SSH/SCP
client cannot log in if Alteon is performing key generation at the same time, or if another client has
just logged in. Also, key generation fails if an SSH/SCP client is logging in at the same time.
SSH/SCP Integration with RADIUS Authentication
SSH/SCP is integrated with RADIUS authentication. After you enable the RADIUS server, Alteon
redirects all subsequent SSH authentication requests to the specified RADIUS servers for
authentication. This redirection is transparent to the SSH clients.
SSH/SCP Integration With SecurID
SSH/SCP can also work with SecurID, a token card-based authentication method. Using SecurID
requires the interactive mode during login, which is not provided by the SSH connection.
Note: There is no SNMP or BBI support for SecurID because the SecurID server, ACE, is a one-time
password authentication and requires an interactive session.
Using SecurID with SSH
Using SecurID with SSH includes the following tasks:
1. To log in using SSH, use a special username, "ace", to bypass the SSH authentication.
2. After an SSH connection is established, you are prompted to enter the username and password,
after which the SecurID authentication is performed.
3. Provide your username and the token in your SecurID card as a regular Telnet user.
Using SecurID with SCP
Using SecurID with SCP can be performed in one of the following ways:
• Using a RADIUS server to store an administrator password—You can configure a regular
administrator with a fixed password in the RADIUS server if it can be supported. A regular
administrator with a fixed password in the RADIUS server can perform both SSH and SCP with
no additional authentication required.
>> # /cfg/sys/access/sshd/intrval <number of hours (0-24)>
To Next Page
Loading...
Need help?
General