beautypg.com

Guralp Systems CMG-DCM build <10,000 User Manual

Page 68

background image

CMG-EAM (Platinum Firmware)

The ssh server, sshd, can not currently be configured using gconfig

although it can be configured via the web interface. If web access is
unavailable, it is possible to configure sshd from the command line by

directly editing the configuration files.

6.5.1 Configuring sshd via the web interface

From the main screen of the web interface, under Configuration,

Networking, select “SSH server”. The screen is not reproduced in this
document as it is particularly large, due to the amount of explanatory

text. Each option is, however, discussed below.

The version of sshd installed (openSSH) supports both version 1 and
version 2 of the ssh protocol. Version 1 has some well-known

weaknesses and should be avoided if at all possible, but some
commercially available systems still do not support v2, so v1 is
supported here for compatibility. The Enable SSH Protocol v1 check-

box should be cleared unless your ssh client cannot support v2 or
cannot be upgraded to support it. Click the Change server options
button to commit this change.

If you want to download the ssh server's public key to allow the

connecting host to check and verify the CMG-EAM's identity, use the
relevant Download server public key button – there is one each for
protocol versions 1 and 2. There is also the capability to command the

CMG-EAM to create a new private/public key pair from this screen.

To configure password-less login to the CMG-EAM, you can upload the
public key of the connecting machine to the CMG-EAM using the New
client key section. Browse the connecting host's file system for the key
file (usually named id_dsa.pub) and upload it here. This will allow

password-less root access to the system from that machine.

Client keys which have been uploaded are displayed in the Authorised
client keys section. Any existing authorised keys can be removed:

Select the check-box next to the key you wish to remove and click
Remove selected keys.

68

Issue C

Note: password-less login via ssh v2 is, perhaps counter-
intuitively, the most secure way to access your CMG-EAM.

There is a useful discussion of the ssh protocol and full details
of its usage at the site http://tinyurl.com/whyssh

This manual is related to the following products:
See also other documents in the category Guralp Systems Equipment: