SSH Server, SSL Overview, SSL Authentication – Comtrol DeviceMaster LT User Manual

DeviceMaster LT User Guide: 2000586

Rev. B

DeviceMaster LT Security - 53

Enable Monitoring Secure Data via Telnet must be enabled. SSH does not
support port monitoring. You can set the securemon enable option.

Admin commands are disabled except for the read-only ID command required by
NS-Link to identify the device.

The intention is to allow NS-Link to operate through an SSL connection to Port
4606 while it is in Secure Data Mode, and to allow NS-Link to operate through a
MAC connection with Secure Config Mode enabled and Secure Data Mode disabled.

SSH Server

The DeviceMaster LT SSH server has the following characteristics:

- Requires password authentication, even if the password is empty.

- Enabled/disabled along with telnet access, independently of Secure Data and
  Secure Config Modes.

- The DeviceMaster LT uses the third-party MatrixSSH library from PeerSec
  Networks: http://www.peersec.com/.

SSL Overview

DeviceMaster LT SSL provides the following features:

- Provides both encryption and authentication.

  - Encryption prevents a third-party eavesdropper from viewing data that is
    being transferred.

  - Authentication allows both the client (that is, web browser) and server
    (that is, DeviceMaster LT) to ensure that only desired parties are allowed
    to establish connections. This prevents both unauthorized access and
    man-in-the-middle attacks on the communications channel.

- Two slightly different SSL protocols are supported by the DeviceMaster LT,
  SSLv3 and TLSv1.

- The DeviceMaster LT uses the third-party MatrixSSL library from PeerSec
  Networks: http://www.peersec.com/matrixssl.html.

SSL Authentication

DeviceMaster LT SSL authentication has the following features:

- Authentication means being able to verify the identity of the party at the
  other end of a communications channel. A username/password is a common
  example of authentication.

- SSL/TLS protocols allow authentication using either RSA certificates or DSS
  certificates. DeviceMaster LT supports only RSA certificates.

- Each party (client and server) can present an ID certificate to the other.

- Each ID certificate is signed by another authority certificate or key.

- Each party can then verify the validity of the other's ID certificate by
  verifying that it was signed by a trusted authority. This verification
  requires that each party have access to the certificate/key that was used to
  sign the other party's ID certificate.

Server Authentication

Server Authentication is the mechanism by which the DeviceMaster LT proves its
identity.

The DeviceMaster LT (generally an SSL server) can be configured by
uploading an ID certificate that is to be presented to clients when they connect
to the DeviceMaster LT.
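The verification step described above (an ID certificate is accepted only if it was signed by an authority whose certificate/key the verifier already holds, and only RSA certificates are supported), as an added example that is not part of the Comtrol manual and not MatrixSSL code: a stdlib-only Python model of the check a client performs on the device's ID certificate. The RSA in it is textbook RSA over small Mersenne primes with a SHA-256 hash reduced modulo n and is an illustration only; the certificate layout, the authority names "Plant CA" and "Rogue CA", the subject "devicemaster-lt" and every function are constructed for this example.

```python
"""Toy model of SSL ID-certificate verification: trust store + issuer signature.

Stdlib only. The RSA here is textbook RSA over Mersenne primes with a reduced
SHA-256 hash; it is NOT secure and is not the MatrixSSL implementation. It
exists only to show why an ID certificate is accepted or rejected.
"""
import hashlib
import json

E = 65537
# Constructed key material: Mersenne primes, chosen so gcd(E, (p-1)(q-1)) == 1.
M31, M61, M89 = 2**31 - 1, 2**61 - 1, 2**89 - 1
M107, M127, M521 = 2**107 - 1, 2**127 - 1, 2**521 - 1


def toy_rsa_keypair(p, q):
    """Return (public, private) textbook-RSA keys built from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, phi)}


def _digest_mod_n(data, n):
    # Hash the bytes and reduce into Z_n so textbook RSA can sign it (toy only).
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data):
    return pow(_digest_mod_n(data, private["n"]), private["d"], private["n"])


def verify_signature(public, data, signature):
    return pow(signature, public["e"], public["n"]) == _digest_mod_n(data, public["n"])


def make_certificate(subject, subject_pub, issuer, issuer_priv, key_type="RSA"):
    """An ID certificate: the to-be-signed fields plus the issuer's signature."""
    tbs = {"subject": subject, "key_type": key_type,
           "public_key": subject_pub, "issuer": issuer}
    return {"tbs": tbs, "signature": sign(issuer_priv, _canonical(tbs))}


def _canonical(tbs):
    return json.dumps(tbs, sort_keys=True).encode()


def verify_id_certificate(cert, trusted_authorities):
    """Return (ok, reason). trusted_authorities maps issuer name -> public key."""
    tbs = cert["tbs"]
    if tbs["key_type"] != "RSA":            # DeviceMaster LT: RSA certificates only
        return False, "only RSA certificates are supported"
    issuer_pub = trusted_authorities.get(tbs["issuer"])
    if issuer_pub is None:                  # signer is unknown to this verifier
        return False, f"issuer {tbs['issuer']!r} is not a trusted authority"
    if not verify_signature(issuer_pub, _canonical(tbs), cert["signature"]):
        return False, "signature does not verify under the issuer's key"
    return True, "ID certificate accepted"


def demo():
    """Four cases a verifying client can meet. Returns {case: (ok, reason)}."""
    ca_pub, ca_priv = toy_rsa_keypair(M61, M89)          # authority the client trusts
    dev_pub, _dev_priv = toy_rsa_keypair(M107, M127)     # the device's own key pair
    rogue_pub, rogue_priv = toy_rsa_keypair(M31, M521)   # authority nobody trusts
    trust_store = {"Plant CA": ca_pub}

    genuine = make_certificate("devicemaster-lt", dev_pub, "Plant CA", ca_priv)
    # Same subject name, but issued by an authority absent from the trust store.
    other_issuer = make_certificate("devicemaster-lt", rogue_pub, "Rogue CA", rogue_priv)
    # Issuer field claims "Plant CA" while the signature came from the rogue key.
    forged_issuer = make_certificate("devicemaster-lt", rogue_pub, "Plant CA", rogue_priv)
    # A DSS certificate, which the manual says the DeviceMaster LT does not support.
    dss = make_certificate("devicemaster-lt", dev_pub, "Plant CA", ca_priv, key_type="DSS")

    return {
        "genuine": verify_id_certificate(genuine, trust_store),
        "untrusted_issuer": verify_id_certificate(other_issuer, trust_store),
        "forged_issuer": verify_id_certificate(forged_issuer, trust_store),
        "dss": verify_id_certificate(dss, trust_store),
    }


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:17} {'ACCEPT' if ok else 'REJECT'}: {reason}")
```

The "forged_issuer" case is the one that matters for the man-in-the-middle protection the SSL Overview mentions: naming a trusted authority in the certificate is worthless unless the signature actually verifies under that authority's key, which is why each party must hold the signer's certificate/key and not merely its name.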

Security mode table, continued (column headings are not present on this page;
columns run from the weakest setting on the left to the strongest on the right):

            Weakest  -------------------------------------------->  Strongest
Email       yes      yes      yes      disabled   disabled   disabled
SNMP        yes      yes      yes      disabled   disabled   disabled
RFC1006     yes      yes      yes      disabled   disabled   disabled