Configure > SSH server 4.84 – Westermo MR Series User Manual

Page 248

6622-3201

Web Interface and Command Line Reference Guide

www.westermo.com

4.84 Configure > SSH server

The SSH (Secure Shell) server allows remote peers to access the unit over a secure TCP
connection using a suitable SSH client. The SSH server provides a Telnet-like interface and
secure file transfer capability.

SSH uses a number of keys during a session. The host keys are used for authentication purposes.
Keys unique to each SSH session are also generated, and are used for encryption/authentication
purposes.

The unit supports SSH V1.5 and SSH V2. The host key file format differs for each version, but there
would normally only be one host key for each version. For this reason, the unit allows the user to
configure two host key files. These keys may be changed from time to time, specifically if it is
suspected that the key has become compromised. Because the host keys need to be secure, it is highly
recommended to store the files on the unit FLASH using filenames prefixed with “priv”, which
makes it impossible to read the file using any of the normal methods (e.g. FTP). It is possible (using
the genkey command) to create host keys in either format for use with SSH. Using this utility, it
is not necessary to have the host key files present on any other storage device (thus providing an
additional level of security). Refer to the section on Certificates for information on how to generate
a private key file.

Unlike the Telnet server, it is possible to configure the number of SSH server sockets that listen for
new SSH connections.

It is possible to configure which authentication methods can be used in an SSH session and
their preferred selection order. The unit currently supports MD5, SHA1, MD5-96, and SHA1-96. If
required, a public/private key pair can be used for authentication.

The unit currently only supports the 3DES and 3DES-CBC cipher methods.

DEFLATE compression is also supported. If this is enabled and negotiated, SSH packets are first
compressed before being encrypted and delivered to the remote via the TCP socket.

Note:
The SSH server supports the SCP file copy protocol but does NOT support filename
wildcards. Additionally, there is no support at present for secure FTP or port forwarding.
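
An added example, not from the Westermo manual: a Python check that decodes a server identification line and SSH_MSG_KEXINIT payload (RFC 4253) and reports which of the version, cipher, MAC and compression settings described above the server is offering. The wire names (3des-cbc, hmac-md5, zlib) are assumed to correspond to the manual's 3DES-CBC, MD5 and DEFLATE options; the REVIEW policy set and the sample bytes are constructed for illustration.

```python
# Name-lists of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
# Assumed review policy (adjust locally): RFC 4253 wire names taken to
# correspond to the manual's 3DES-CBC, MD5 and MD5-96 options.
REVIEW = {"3des-cbc", "hmac-md5", "hmac-md5-96"}

def proto_version(banner: bytes) -> str:
    """Return protoversion from 'SSH-protoversion-softwareversion'."""
    text = banner.strip().decode("ascii")
    if not text.startswith("SSH-") or text.count("-") < 2:
        raise ValueError("not an SSH identification string")
    return text.split("-", 2)[1]

def parse_kexinit(payload: bytes) -> dict:
    """Decode the ten name-lists of an SSH_MSG_KEXINIT payload."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not SSH_MSG_KEXINIT")
    out, off = {}, 17              # skip message type (1) + cookie (16)
    for name in FIELDS:
        n = int.from_bytes(payload[off:off + 4], "big")
        raw = payload[off + 4:off + 4 + n]
        if off + 4 > len(payload) or len(raw) != n:
            raise ValueError("truncated KEXINIT")
        out[name] = raw.decode("ascii").split(",") if n else []
        off += 4 + n
    return out

def audit(banner: bytes, payload: bytes) -> dict:
    """Summarise what the server offers (server-to-client direction)."""
    ver, kex = proto_version(banner), parse_kexinit(payload)
    offered = set(kex["enc_s2c"]) | set(kex["mac_s2c"])
    return {"v1_negotiable": ver.startswith("1."),   # "1.5" or "1.99"
            "v2_negotiable": ver in ("1.99", "2.0"),  # 1.99 = both versions
            "review": sorted(offered & REVIEW),
            "compression": "zlib" in kex["comp_s2c"]}

def build_kexinit(lists) -> bytes:
    """Build a constructed KEXINIT payload for the sample below."""
    body = b"".join(len(s).to_bytes(4, "big") + s.encode() for s in lists)
    return bytes([20]) + bytes(16) + body + b"\x00" + bytes(4)

# Constructed sample, not captured from a real unit.
SAMPLE_BANNER = b"SSH-1.99-ExampleServer\r\n"
MACS = "hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96"
SAMPLE_KEXINIT = build_kexinit(["diffie-hellman-group1-sha1", "ssh-rsa",
    "3des-cbc", "3des-cbc", MACS, MACS, "none,zlib", "none,zlib", "", ""])

if __name__ == "__main__":
    print(audit(SAMPLE_BANNER, SAMPLE_KEXINIT))
```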

Using the Web Page(s)

The Configure > SSH server page allows you to set the parameters for SSH server operation:

Server Port:

The TCP port number that the SSH server will use to listen for incoming connections.

Number of listening sockets:

This parameter specifies the number of sockets listening for new SSH connections on port 22
(the standard SSH port).

Version 1.5 enabled:

When set to “Yes”, this parameter allows the server to negotiate SSH V1.5. The unit must also
have an SSH V1 key present and the filename entered into the SSH configuration.

Version 2.0 enabled:

When set to “Yes”, this parameter allows the server to negotiate SSH V2.0. The unit must also
have an SSH V2 key present and the filename entered into the SSH configuration.

Host key #1 filename:

This is the filename of either an SSH V1 host key or an SSH V2 host key. It is highly
recommended that the filename be prefixed with “priv” to ensure that the key is not compromised.
This key is generated on the Configure > Certificates > Utilities page.
