Home » Lantronix Manuals » Electronics Accessories » Lantronix IntelliBox-I/O » Manual Viewer

Lantronix IntelliBox-I/O IntelliBox-I/O - User Guide - Page 165

SSH, How Does SSH Authenticate?, What Does SSH Protect Against?, B: Networking and Security

View all Lantronix IntelliBox-I/O manuals

Add to My Manuals
Save this manual to your list of manuals

Page 165 highlights

B: Networking and Security Certificate provides the receiver with a way to encode a reply. Digital Certificates come in 40-bit and 128-bit versions. There are two principal ways to obtain a Digital Certificate. It can be bought from a certificate vendor or a user can "self-sign" his or her own certificate. With the latter method, a user can use various tools, both open source and proprietary, to sign his or her own Digital Certificate, saving the time and expense of going through a certificate vendor. SSH Like SSL, Secure Shell (SSH) is a protocol that provides secure encrypted communications over unsecured TCP/IP networks such as the Internet. SSH allows for secure access to remote systems, eliminating potential security breaches such as spoofing and eavesdropping or hijacking of sessions. However, SSH differs significantly from SSL and, in fact, cannot communicate with SSL. The two are different protocols, though they have some overlap in how they accomplish similar goals. How Does SSH Authenticate? SSH authenticates using one or more of the following:  Password (the /etc/passwd or /etc/shadow in UNIX)  User public key (RSA or DSA, depending on the release)  Host based (.rhosts or /etc/hosts.equiv in SSH1 or public key in SSH2) What Does SSH Protect Against? SSH provides strong authentication and secure communications over insecure channels. It also provides secure connections that protect a network from attacks such as:  IP spoofing, where a remote host sends packets that pretend to originate from another, trusted host. SSH even protects against a spoofer on the local network that is pretending to be a router to the outside.  IP source routing, where a host pretends that an IP packet comes from another, trusted host.  DNS spoofing, where an attacker forges name server records.  Interception of cleartext passwords and other data by intermediate hosts.  Manipulation of data by people in control of intermediate hosts.  Attacks based on listening to authentication data and spoofed connections to the server. IntelliBox-I/O 2100 User Guide 165

Section	Page
IntelliBox-I/O 2100 User Guide	1
Copyright & Trademark	2
Warranty	2
Patents	2
Contacts	2
Disclaimer & Revisions	2
Revision History	3
Contents	4
List of Figures	10
List of Tables	12
1: Preface	14
Purpose and Audience	14
Summary of Chapters	14
Additional Documentation	15
2: Introduction	16
IntelliBox-I/O 2100 Overview	16
Features	17
Typical Devices	17
EventTrak™ Overview	19
Evolution OS™	19
Web-Based Configuration and Troubleshooting	19
Command-Line Interface (CLI)	20
SNMP Management	20
XML-Based Architecture and Device Control	20
Really Simple Syndication (RSS)	20
Enterprise-Grade Security	20
Troubleshooting Capabilities	21
Applications	21
Building Automation/Security	22
Industrial Automation	22
Medical/Healthcare	22
Retail Automation/Point-of-Sale	22
Traffic Management	23
Product Information Label	23
3: EventTrak	24
Overview	24
Automated Device Management, Monitoring, and Control	24
Automated Reporting	24
Examples	24
Industrial	24
Other Examples	25
Inputs and Outputs	26
Events	26
Actions	26
Chain Definitions	26
Automated Reporting	27
4: Installation	28
Package Contents	28
User-Supplied Items	28
Identifying Hardware Connectors	29
Screw Terminal Serial Connectors	30
Ethernet Port	30
Terminal Block Power Connector	31
Digital I/Os	31
Relay Port	32
LEDs	32
Reset Button	33
Physically Installing the IntelliBox-I/O 2100	33
Finding a Suitable Location	33
Connecting the IntelliBox-I/O 2100	33
5: Getting Started	35
Using DeviceInstaller	35
Starting DeviceInstaller	35
Viewing IntelliBox-I/O 2100 Properties	37
Configuration Methods	38
Configuring from the Web Manager Interface	38
Configuring via an SSH/Telnet Session or Serial Port Using the CLI	39
Configuring from the XML Interface	39
6: Configuration Using the Web Manager	40
Accessing the Web Manager through a Web Browser	40
Navigating Through the Web Manager	42
Understanding the Web Manager Pages	49
Device Status Page	50
7: Network, Serial Line, Tunnel, and Modbus Settings	51
Network Configuration Page	51
Line Settings Pages	54
Line - Configuration Page	55
Line – Command Mode Page	58
Tunnel Pages	60
Tunnel – Statistics Page	60
Tunnel – Serial Settings Page	61
Tunnel – Start/Stop Characters Page	62
Tunnel – Accept Mode Page	64
Tunnel – Connect Mode Page	67
Tunnel – Disconnect Mode Page	70
Tunnel – Packing Mode Page	71
Tunnel – Modem Emulation Page	72
Modbus Pages	74
Modbus – Statistics Page	74
Modbus – Configuration Page	75
8: Terminal and Host Settings	76
Terminal Settings	76
Host Configuration	78
9: Services Settings	79
DNS Page	79
SNMP Page	80
FTP Page	82
TFTP Page	83
Syslog Page	84
HTTP Pages	85
HTTP Statistics Page	85
HTTP Configuration Page	85
HTTP Authentication Page	88
RSS Page	90
LPD Pages	91
10: Security Settings	94
SSH Pages	94
SSH Server: Host Keys Page	94
SSH Client: Known Hosts Page	97
SSH Server: Authorized Users Page	98
SSH Client: Users Page	99
SSL Page	101
11: Maintenance and Diagnostics Settings	104
Filesystem Pages	104
Filesystem Statistics Page	104
Filesystem Browser Page	105
Diagnostics Pages	107
Diagnostics: Hardware Page	107
MIB-II Network Statistics Page	108
IP Sockets Page	109
Diagnostics: Ping Page	110
Diagnostics: Traceroute Page	111
Diagnostics: DNS Lookup Page	112
Diagnostics: Memory Page	113
Diagnostics: Buffer Pool	114
Diagnostics: Processes Page	115
System Page	117
Query Port Page	118
12: Advanced Settings	120
Input/Output Page	120
Input/Output Page	120
Email Pages	122
Email Statistics Page	122
Email Configuration Page	122
CLI Pages	125
Command Line Interface Statistics Page	125
Command Line Interface Configuration Page	126
XML Pages	129
XML Configuration Record: Export System Configuration Page	129
XML Status Record: Export System Status	131
XML: Import System Configuration Page	133
Protocol Stack Page	135
IP Address Filter Page	138
13: EventTrak Pages	139
EventTrak – Status Page	140
EventTrak – Monitoring Page	141
Match String Examples	143
EventTrak – Control Page	144
14: Updating Firmware	150
Obtaining Firmware	150
Upgrading Using DeviceInstaller	150
Loading New Firmware	150
Updating Firmware	150
A: Factory Default Configuration	151
CLI Settings	151
Diagnostics Settings	151
Email Settings	152
EventTrak Settings	152
FTP Settings	153
HTTP Settings	153
Input/Output Settings	154
IP Address Filter Settings	154
Modbus Settings	154
Network Configuration Settings	155
Query Port Settings	155
RSS Settings	156
Serial Port Line Settings	156
Configuration	156
Command Mode	157
SNMP Settings	157
Syslog Settings	158
System Settings	158
TFTP Settings	158
Tunnel Settings	159
Serial Settings	159
Start/Stop Characters	159
Accept Mode	159
Connect Mode	160
Disconnect Mode	161
Packing Mode	161
Modem Emulation	161
AES Keys	162
B: Networking and Security	163
SSL	163
Benefits of SSL	163
How SSL Works	164
Digital Certificates	164
SSH	165
How Does SSH Authenticate?	165
What Does SSH Protect Against?	165
Tunneling	166
Tunneling and the IntelliBox	167
Connect Mode	167
Accept Mode	168
Disconnect Mode	169
Packing Mode	169
Modem Emulation	169
Command Mode	170
C: Modbus	172
Overview	172
Examples	173
Modbus/TCP Master Talking to Modbus/TCP Slave	173
Modbus/TCP Master Talking to Modbus/RTU Serial Slave	173
Local Slave	174
D: Technical Specifications	175
E: Isolated I/O Specifications	178
Absolute Maximum Ratings	178
Electrical Characteristics	179
F: State Diagram Template	183
G: Technical Support	184
H: Compliance	185
Declaration of Conformity	185
I: Warranty	187

Match case Limit results 1 per page

B: Networking and Security

IntelliBox-I/O 2100 User Guide

165

Certificate provides the receiver with a way to encode a reply. Digital Certificates come in

40-bit and 128-bit versions.

There are two principal ways to obtain a Digital Certificate. It can be bought from a

certificate vendor or a user can "self-sign" his or her own certificate. With the latter

method, a user can use various tools, both open source and proprietary, to sign his or her

own Digital Certificate, saving the time and expense of going through a certificate vendor.

SSH

Like SSL, Secure Shell (SSH) is a protocol that provides secure encrypted

communications over unsecured TCP/IP networks such as the Internet. SSH allows for

secure access to remote systems, eliminating potential security breaches such as

spoofing and eavesdropping or hijacking of sessions. However, SSH differs significantly

from SSL and, in fact, cannot communicate with SSL. The two are different protocols,

though they have some overlap in how they accomplish similar goals.

How Does SSH Authenticate?

SSH authenticates using one or more of the following:



Password (the /etc/passwd or /etc/shadow in UNIX)



User public key (RSA or DSA, depending on the release)



Host based (.rhosts or /etc/hosts.equiv in SSH1 or public key in SSH2)

What Does SSH Protect Against?

SSH provides strong authentication and secure communications over insecure channels.

It also provides secure connections that protect a network from attacks such as:



IP spoofing, where a remote host sends packets that pretend to originate from

another, trusted host. SSH even protects against a spoofer on the local network that

is pretending to be a router to the outside.



IP source routing, where a host pretends that an IP packet comes from another,

trusted host.



DNS spoofing, where an attacker forges name server records.



Interception of cleartext passwords and other data by intermediate hosts.



Manipulation of data by people in control of intermediate hosts.



Attacks based on listening to authentication data and spoofed connections to the

server.