Connecting to devices using ssh – Avocent CCM1640 User Manual
Page 29
Chapter 3: Operations
23
For more information, see Show Server CLI command and Server PPP
command in Chapter 5.
To display PPP confi guration information:
Issue a Show Server PPP command.
SHOW SERVER PPP
For more information, see Show Server PPP command in Chapter 5.
Connecting to devices using SSH
The CCM supports version 2 of the SSH protocol (SSH2). The CCM SSH server
operates on the standard SSH port 22. The shell for this connection provides a
CLI prompt as if you had established a Telnet connection on port 23. The shell
request for this connection is for CLI access.
Additional CCM SSH servers operate on TCP ports that are numbered with
values 100 greater than the standard 30xx Telnet ports for the CCM. For
example, if port 7 is configured for Telnet access on port 3007, then port
3107 will be a direct SSH connection for port 7. When SSH is enabled, Telnet
port 23 connections will be accepted from other clients if the Server Security
command includes Encrypt=SSH,None. Connecting to Telnet port 23 may be
tunneled via a connection to SSH port 22.
SSH server keys
When SSH is enabled for the first time, the CCM generates an SSH server key.
The key generation process may take up to ten minutes. The key is computed
at random and is stored in the CCM configuration database.
In most cases, the SSH server key should not be modified because most SSH
clients will associate the key with the IP address of the CCM. During the first
connection to a new SSH server, the client will display the fingerprint of the
SSH server key and prompt you to indicate if you wish to store it on the SSH
client. After the first connection, most SSH clients will validate the key when
connecting to the CCM. This provides an extra layer of security because the
SSH client can verify the key sent by the server each time it connects.
If you disable SSH and later reenable it, you may either use the existing server
key or compute a new one. If you are reenabling the same server at the same
IP address, it is recommended that you use the existing key, as SSH clients may
be using it for verification. If you are moving the CCM to another location and
changing the IP address, you may wish to generate a new SSH server key.