beautypg.com

Connecting to devices using ssh – Avocent CCM1640 User Manual

Page 29

background image

Chapter 3: Operations

23

For more information, see Show Server CLI command and Server PPP

command in Chapter 5.

To display PPP confi guration information:

Issue a Show Server PPP command.

SHOW SERVER PPP

For more information, see Show Server PPP command in Chapter 5.

Connecting to devices using SSH

The CCM supports version 2 of the SSH protocol (SSH2). The CCM SSH server
operates on the standard SSH port 22. The shell for this connection provides a
CLI prompt as if you had established a Telnet connection on port 23. The shell
request for this connection is for CLI access.

Additional CCM SSH servers operate on TCP ports that are numbered with
values 100 greater than the standard 30xx Telnet ports for the CCM. For
example, if port 7 is configured for Telnet access on port 3007, then port
3107 will be a direct SSH connection for port 7. When SSH is enabled, Telnet
port 23 connections will be accepted from other clients if the Server Security
command includes Encrypt=SSH,None. Connecting to Telnet port 23 may be

tunneled via a connection to SSH port 22.

SSH server keys

When SSH is enabled for the first time, the CCM generates an SSH server key.
The key generation process may take up to ten minutes. The key is computed
at random and is stored in the CCM configuration database.

In most cases, the SSH server key should not be modified because most SSH
clients will associate the key with the IP address of the CCM. During the first
connection to a new SSH server, the client will display the fingerprint of the
SSH server key and prompt you to indicate if you wish to store it on the SSH
client. After the first connection, most SSH clients will validate the key when
connecting to the CCM. This provides an extra layer of security because the
SSH client can verify the key sent by the server each time it connects.

If you disable SSH and later reenable it, you may either use the existing server

key or compute a new one. If you are reenabling the same server at the same

IP address, it is recommended that you use the existing key, as SSH clients may

be using it for verification. If you are moving the CCM to another location and

changing the IP address, you may wish to generate a new SSH server key.

This manual is related to the following products: