Bridging using ssh – B&B Electronics WLNN-AN(ER,SE,SP.EK)-DP551 - Manual User Manual

Airborne Enterprise CLI Reference Manual

The first time a given SSH client on a given workstation attempts to connect to
the module's SSH server, the SSH client will recognize that this SSH
client/workstation has not connected to the module before and will ask the user
to accept the connection. If the connection is accepted, the credentials (the RSA
public key which was generated in Table 2) will be saved for use with subsequent
connections.

If the module is configured for DHCP on the network interface being used, the SSH
client will consider it a "new" module any time its assigned IP address changes and
will require that the username and password be reentered, even if that client has
successfully connected to that module before.

Authentication via the SSH client is functionally identical to authentication over
the module's Debug Port. The module's SSH server will prompt the SSH client
for a username, and the SSH client will accordingly ask the user to log in and
provide a username with a similar prompt (the actual input request is determined
by the SSH client being used). After the desired username is entered, the module's
SSH server will prompt for the corresponding password. The username and password
are the same as used for the CLI auth command. Once the password challenge
is successful, the user will be in a standard CLI Session, just as if initiated over
TELNET. There is no need to re-enter the auth command in the CLI Session;
the SSH login procedure has already securely identified the user to the module.

All CLI commands available to a TELNET CLI Session are available to an SSH
CLI Session; establishing a data bridge to a serial interface is identical to the
steps described in Section 8.1.2.

8.1.7 Bridging using SSH

The module supports module-initiated secure data bridging through use of a
Secure Shell (SSH) tunnel. This feature behaves very similarly to TCP pass
communication (see Section 8.1.1).

In order for the module to communicate with an SSH server, the same
key-generation preparation is necessary as for use of SSH CLI Sessions. This is
described in Table 2.

For an SSH server program, B&B Electronics has verified proper operation of
OpenSSH with the module's built-in SSH client. The module's own SSH server has
also been verified.

The first time the module attempts to communicate with a given SSH server, it
will, by default, not trust that server and will refuse to connect. This is
proper security practice to guard against SSH server-identity theft.

To tell the module that it is acceptable to connect to a previously-unknown SSH
server, you must issue the CLI command ssh-trust 1. This instructs the module to
automatically trust new SSH servers until either the CLI command ssh-trust 0 is
issued, or the module is restarted (for security purposes, ssh-trust 0 is
always set after a restart).
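
The trust decision described above, together with the DHCP case from the SSH CLI Session text, modelled as an added Python example (not code from this manual or from the module's firmware). HostKeyStore, its per-address pinning, pins surviving a restart and the refusal of a changed key are assumptions; only the default-off trust setting and its reset on restart come from the text.

```python
import base64
import hashlib
from enum import Enum


class Verdict(Enum):
    KNOWN = "known"        # address seen before, same key presented
    LEARNED = "learned"    # unknown address, pinned because trust_new is on
    REFUSED = "refused"    # unknown address, trust_new is off
    MISMATCH = "mismatch"  # known address now presents a different key


def fingerprint(key_blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint of a raw public key blob."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class HostKeyStore:
    """Hypothetical model of a trust-on-first-use store keyed by address."""

    def __init__(self):
        self.pins = {}          # address -> fingerprint (assumed to persist)
        self.trust_new = False  # models "ssh-trust 0", the default

    def restart(self):
        self.trust_new = False  # per the text: ssh-trust 0 after every restart

    def check(self, address: str, key_blob: bytes) -> Verdict:
        fp = fingerprint(key_blob)
        pinned = self.pins.get(address)
        if pinned is None:
            if not self.trust_new:
                return Verdict.REFUSED
            self.pins[address] = fp
            return Verdict.LEARNED
        # Assumption: a changed key is never silently re-learned.
        return Verdict.KNOWN if pinned == fp else Verdict.MISMATCH


# Constructed sample blobs and documentation-range addresses, not real keys.
SERVER_KEY, OTHER_KEY = b"constructed-key-blob-A", b"constructed-key-blob-B"


def demo():
    store = HostKeyStore()
    results = [store.check("192.0.2.10", SERVER_KEY)]      # trust off: refused
    store.trust_new = True                                 # models "ssh-trust 1"
    results.append(store.check("192.0.2.10", SERVER_KEY))  # pinned now
    store.restart()                                        # trust window closes
    results.append(store.check("192.0.2.10", SERVER_KEY))  # still known
    results.append(store.check("192.0.2.10", OTHER_KEY))   # different key
    results.append(store.check("192.0.2.77", SERVER_KEY))  # new DHCP address
    return results
```

The last check shows why an address change makes a familiar peer look new: the pin is looked up by address, so the same key arriving from 192.0.2.77 is treated as unknown.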