beautypg.com

6 configuring the ssh server – Guralp Systems CMG-DCM build <10,000 User Manual

Page 90

background image

Acquisition Modules and Platinum Firmware

Networking Configuration

7.6

Configuring the SSH Server

The acquisition module has an ssh server running on its Ethernet port which

allows remote terminal access.

The ssh server, sshd, can not currently be configured using gconfig although

it can be configured via the web interface. If web access is unavailable, it is
possible to configure sshd from the command line by directly editing the

configuration files.

7.6.1 Configuring sshd via the web interface

To configure the SSH server from the web interface, select:

Configuration → Networking → SSH server

The screen is not reproduced in this document as it is particularly large, due

to the amount of explanatory text. Each option is, however, discussed below.

The version of sshd installed (openSSH) supports both version 1 and version

2 of the ssh protocol. Version 1 has some well-known weaknesses and should
be avoided if at all possible, but some commercially available systems still do
not support v2, so v1 is supported here for compatibility. The Enable SSH
Protocol v1 check-box should be cleared unless your ssh client cannot
support v2 or cannot be upgraded to support it. Click the Change server
options button to commit this change.

If you want to download the ssh server's public key to allow the connecting
host to check and verify the CMG-EAM's identity, use the relevant Download
server public key button – there is one each for protocol versions 1 and 2.
There is also the capability to command the CMG-EAM to create a new

private/public key pair from this screen.

To configure password-less login to the CMG-EAM, you can upload the public
key of the connecting machine to the CMG-EAM using the New client key

section. Browse the connecting host's file system for the key file (usually
named id_dsa.pub) and upload it here. This will allow password-less root

access to the system from that machine.

Uploaded client keys are displayed in the Authorised client keys section.
Any existing authorised keys can be removed: Select the check-box next to the
key you wish to remove and click Remove selected keys.

Note: Password-less login via ssh v2 is, perhaps counter-intuitively,
the most secure way to access your acquisition module. There is a

useful discussion of the ssh protocol and full details of its usage at
the site http://tinyurl.com/whyssh

MAN-EAM-0003

90

Issue E - February 2014

This manual is related to the following products:
See also other documents in the category Guralp Systems Equipment: