beautypg.com

Establishing a connection using ssh (secure shell), Enabling and restricting ssh access, Running an ssh client – Nortel Networks NN46120-104 User Manual

Page 138

background image

138

The Command Line Interface

telnet

You will then be prompted to enter a valid user name and password. For
more information about different user accounts and default passwords, see

“Accessing the NVG Cluster” (page 140)

.

Establishing a Connection Using SSH (Secure Shell)

When accessing the VPN Gateway from a workstation connected to the
network using a Telnet connection, it is important to keep in mind that
the communication channel is not secure. All data flowing back and forth
between the Telnet client and the VPN Gateway is sent unencrypted
(including the password), and there is no server host authentication.

By using an SSH client to establish a connection over the network, the
following benefits are achieved:

Server host authentication

Encryption of passwords for user authentication

Encryption of all traffic that is transmitted over the network when
configuring or collecting information from the VPN Gateway

Enabling and Restricting SSH Access

SSH access to the VPN Gateway is disabled by default. However,
depending on the severity of your security policy, you may want to enable
SSH access. You may also restrict SSH access to one or more specific
machines.

For more information about how to enable SSH access, see the

ssh

command in the "Administrative Applications Configuration " section
under Configuration Menu>System Configuration in the Command
Reference
. For more information about how to restrict SSH access to one
or more specific machines, see the add command in the "System Access
Configuration
" section in the same chapter.

Running an SSH Client

Connecting to the VPN Gateway using a SSH client is similar to
connecting through Telnet. As with Telnet, the IP parameters on the
VPN Gateway need to be configured in advance and SSH access
must be enabled. After providing a valid user name and password, the
command line interface in the VPN Gateway is accessible the same
way as when using a Telnet client. However, because a secured and
encrypted communication channel is set up even before the user name
and password is transmitted, all traffic sent over the network while

Nortel VPN Gateway

User Guide

NN46120-104

02.01

Standard

14 April 2008

Copyright © 2007-2008 Nortel Networks

.