Home » Lantronix Manuals » Electronics Accessories » Lantronix SLC 32 » Manual Viewer

Lantronix SLC 32 Lantronix SLC - User Guide - Page 168

SSH Keys, Imported Keys

Add to My Manuals
Save this manual to your list of manuals

Page 168 highlights

12: User Authentication SSH Keys The SLC console manager can import and export SSH keys to facilitate shared key authentication for all incoming and outgoing SSH connections. By using a public/private key pair, a user can access multiple hosts with a single passphrase, or, if a passphrase is not used, a user can access multiple hosts without entering a password. In either case, the authentication is protected against security attacks because both the public key and the private key are required to authenticate. For both imported and exported SSH keys, the SLC device supports both RSA and DSA keys, and can import and export keys in OpenSSH and SECSH formats. Imported and exported keys are saved with the SLC configuration, and the administrator has the option of retaining the SSH keys during a reset to factory defaults. The SLC console manager can also update the SSH RSA1, RSA and DSA host keys that the SSH server uses with site-specific host keys or reset them to the default values. Imported Keys Imported SSH keys must be associated with an SLC local user. The key can be generated on host "MyHost" for user "MyUser," and when the key is imported into the SLC unit, it must be associated with either "MyUser" (if "MyUser" is an existing SLC local user) or an alternate SLC local user. The public key file can be imported via SCP or FTP; once imported, you can view or delete the public key. Any SSH connection into the SLC console manager from the designated host/user combination uses the SSH key for authentication. Exported Keys The SLC device can generate SSH keys for SSH connections out of the SLC console manager for any SLC user. The SLC unit retains both the private and public key on the SLC console manager, and makes the public key available for export via SCP, FTP, or copy and paste. The name of the key is used to generate the name of the public key file that is exported (for example, .pub), and the exported keys are organized by user and key name. Once a key is generated and exported, you can delete the key or view the public portion. Any SSH connection out of the SLC device for the designated host/user combination uses the SSH key for authentication. SLC™ Console Manager User Guide 168

Section	Page
SLC Console Manager User Guide	1
Copyright and Trademark	2
Warranty	2
Open Source Software	2
Contacts	2
Disclaimer and Revisions	2
Revision History	3
Table of Contents	4
List of Figures	11
List of Tables	14
1: About This Guide	15
Chapter Summaries	15
Conventions	17
Additional Documentation	17
2: Overview	18
SLC Models and Part Numbers	18
System Features	20
Protocols Supported	21
Access Control	21
Device Port Buffer	21
Configuration Options	21
Hardware Features	22
Serial Connections	22
Network Connections	23
PC Card Interface	23
USB Port	24
3: Installation	25
What’s in the Box	25
Product Information Label	26
Technical Specifications	26
Physical Installation	27
Connecting to Device Ports	27
Connecting to Network Ports	28
Connecting to Terminals	28
Power	28
AC Input	28
DC Input	29
4: Quick Setup	30
Recommendations	30
IP Address	30
Front Panel LCD Display and Pushbuttons	31
Navigating	32
Entering the Settings	32
Restoring Factory Defaults	34
Next Step	39
5: Web and Command Line Interfaces	40
Web Interface	40
Logging In	42
Logging Off	42
Web Page Help	42
Command Line Interface	42
Logging In	43
Logging Out	43
Command Syntax	43
Command Line Help	44
Tips	44
General CLI Commands	45
6: Basic Parameters	47
Requirements for IP Address Assignment	47
Network Settings	48
Ethernet Bonding	48
Ethernet Interfaces	50
Gateway	51
Hostname & Name Servers	52
Ethernet Counters	52
Network Commands	53
IP Filters	53
Enabling IP Filters	53
Configuring IP Filters Rulesets	54
Rule Parameters	55
Viewing IP Filter Rulesets and Mapping	57
IP Filter Commands	58
Routing	58
Routing Commands	60
7: Services	61
SSH/Telnet/Logging	61
System Logging	62
SSH	63
Telnet	63
Audit Log	64
Web SSH/Web Telnet	64
SMTP	64
Phone Home	64
SSH, Telnet, and Logging Commands	64
SNMP	65
Communities	66
Version 3	66
V3 Read-Only User	67
V3 Read-Write User	67
SNMP Commands	67
NFS and SMB/CIFS	67
NFS Mounts	68
SMB/CIFS Share	69
NFS and SMB/CIFS Commands	69
Secure Lantronix Network	69
Secure Lantronix Network Commands	72
Date and Time	72
Date and Time Commands	74
Web Server	74
Web Server Commands	77
Google Gadgets	77
8: Devices	79
Connection Methods	79
Permissions	80
Device Status	80
Device Ports	81
IP Settings	86
Data Settings	86
Hardware Signal Triggers	87
Modem Settings	88
Modem Settings: Text Mode	89
Modem Settings: PPP Mode	89
Port Status and Counters	91
Device Port – SLP Power Manager	92
SLP Status/Info	93
SLP Commands	94
Device Port – Sensorsoft Device	94
Device Port Commands	96
Device Ports – Logging	96
Local Logging	96
NFS File Logging	96
PC Card Logging	97
USB Port Logging	97
Email/SNMP Notification	97
Syslog Logging	97
Local Logging	98
Email Traps	99
Log Viewing Attributes	100
NFS File Logging	100
PC Card Logging	100
USB Logging	101
Syslog Logging	101
Logging Commands	101
Console Port	102
Console Port Commands	103
Host Lists	103
Host Parameters	104
Host List Commands	105
Scripts	105
Batch Script Syntax	108
Interface Script Syntax	108
Definitions	109
Primary Commands	109
Secondary Commands	111
Control Flow Commands	112
Sample Scripts	114
Interface Script—Monitor Port	114
Batch Script—SLC CLI	116
9: PC Cards	118
Set Up of PC Card Storage	118
Modem Settings	120
Data Settings	123
ISDN Settings	123
GSM/GPRS Settings	123
Text Mode	124
PPP Mode	124
IP Settings	125
PC Card Commands	126
10: USB Port	127
Set Up of USB Storage	127
Manage Firmware and Configuration Files	129
USB Commands	130
11: Connections	132
Types of Endpoints and Connections	132
Typical Configurations of SLC Connections	132
Terminal Server	132
Remote Access Server	133
Reverse Terminal Server	133
Multiport Device Server	134
Console Server	134
Connection Configuration	136
Connection Commands	138
12: User Authentication	139
Overview of Authentication	139
User Rights	140
Authentication Methods	141
Authentication Commands	143
Local and Remote Users	143
Local/Remote User Settings	145
Local/Remote Users Commands	148
NIS	149
NIS Commands	152
LDAP	152
Schema Permissions versus Default User Rights	153
User Attributes and Permissions from LDAP Schema	157
LDAP Commands	157
RADIUS	157
RADIUS Commands	161
Kerberos	161
Kerberos Commands	164
TACACS+	164
TACACS+ Commands	167
SSH Keys	168
Imported Keys	168
Exported Keys	168
Imported Keys (SSH In)	170
SSH Commands	173
Custom User Menus	173
Custom User Menus Commands	175
13: Maintenance	177
Firmware and Configurations	177
General	179
SLC Firmware	179
Load Firmware Via Options	179
Boot Banks	180
Configuration Management	180
Firmware and Configurations Commands	182
System Logs	183
System Logs Commands	185
Audit Log	185
Audit Log Commands	186
Email Log	186
Email Log Commands	186
Diagnostics	187
Diagnostics Commands	190
Status/Reports	190
View Report	191
Status/Reports Commands	193
Events	193
Events Commands	194
Banners	195
Banner Commands	196
LCD and Keypad	196
LCD/Keypad Commands	197
14: Application Examples	198
Telnet/SSH to a Remote Device	198
Dial-in (Text Mode) to a Remote Device	200
Local Serial Connection to Network Device via Telnet	201
15: Command Reference	203
Introduction to Commands	203
Command Syntax	203
Command Line Actions and Categories	204
Tips	204
Deprecated Commands	205
Administrative Commands	205
Audit Log Commands	213
Authentication Commands	213
CLI Commands	214
Connection Commands	216
Console Port Commands	219
Custom User Menu Commands	219
Date and Time Commands	221
Device Commands	222
Device Port Commands	223
Diagnostic Commands	227
Email Log Commands	229
Events Commands	229
Host List Commands	231
IP Filter Commands	232
Kerberos Commands	234
LDAP Commands	234
Local Users Commands	235
Log Commands	238
Network Commands	240
NFS and SMB/CIFS Commands	242
NIS Commands	244
PC Card Commands	245
RADIUS Commands	248
Remote Users Commands	249
Routing Commands	250
Script Commands	251
Services Commands	252
SLC Network Commands	254
SSH Key Commands	254
Status Commands	257
System Log Commands	257
TACACS+ Commands	258
Temperature Commands	258
USB Commands	259
User Permissions Commands	262
Appendix A: Bootloader	263
Accessing the Bootloader	263
Bootloader Commands	263
Administrator Commands	264
Appendix B: Security Considerations	265
Security Practice	265
Factors Affecting Security	265
Appendix C: Safety Information	266
Cover	266
Power Plug	266
Input Supply	266
Grounding	267
Fuses	267
Rack	267
Port Connections	268
Appendix D: Sicherheitshinweise	269
Geräteabdeckung	269
Netzstecker	269
Stromversorgung	270
Anschluß an die Schutzerde	270
Gerätesicherung	270
Rack / Einbauschrank	270
Signalverbindungen	271
Appendix E: Adapters and Pinouts	272
Appendix F: Protocol Glossary	277
Appendix G: Compliance Information	282
Appendix H: DC Connector Instructions	285
Appendix I: LDAP Schemas	288
Installing Schema Support in Window AD Server	288
Creating the SLC Schema Attribute	292
Adding the Attribute to the Users Group in Windows	293
Adding the Permissions to the Individual User	296
Values to Use	298

Match case Limit results 1 per page

12: User Authentication

SLC™ Console Manager User Guide

168

SSH Keys

The SLC console manager can import and export SSH keys to facilitate shared key authentication

for all incoming and outgoing SSH connections. By using a public/private key pair, a user can

access multiple hosts with a single passphrase, or, if a passphrase is not used, a user can access

multiple hosts without entering a password. In either case, the authentication is protected against

security attacks because both the public key and the private key are required to authenticate.

For both imported and exported SSH keys, the SLC device supports both RSA and DSA keys, and

can import and export keys in OpenSSH and SECSH formats. Imported and exported keys are

saved with the SLC configuration, and the administrator has the option of retaining the SSH keys

during a reset to factory defaults.

The SLC console manager can also update the SSH RSA1, RSA and DSA host keys that the SSH

server uses with site-specific host keys or reset them to the default values.

Imported Keys

Imported SSH keys must be associated with an SLC local user. The key can be generated on host

“MyHost” for user “MyUser,” and when the key is imported into the SLC unit, it must be associated

with either “MyUser” (if “MyUser” is an existing SLC local user) or an alternate SLC local user.

The public key file can be imported via SCP or FTP; once imported, you can view or delete the

public key. Any SSH connection into the SLC console manager from the designated host/user

combination uses the SSH key for authentication.

Exported Keys

The SLC device can generate SSH keys for SSH connections out of the SLC console manager for

any SLC user. The SLC unit retains both the private and public key on the SLC console manager,

and makes the public key available for export via SCP, FTP, or copy and paste. The name of the

key is used to generate the name of the public key file that is exported (for example,

<keyname>.pub), and the exported keys are organized by user and key name. Once a key is

generated and exported, you can delete the key or view the public portion. Any SSH connection

out of the SLC device for the designated host/user combination uses the SSH key for

authentication.