Performing advanced configuration, Telnet configuration settings, Secure shell (ssh) settings – Proxim ORINOCO AP-2000 User Manual
Page 56
56
Performing Advanced Configuration
Telnet Configuration Settings
•
Telnet Interface Bitmask: Select the interface (Ethernet, Wireless-Slot A, Wireless-Slot B, All Interfaces) from
which you can manage the AP via telnet. This parameter can also be used to Disable telnet management.
•
Telnet Port: The default port number for Telnet applications is 23. However, you can use this field if you want to
change the Telnet port for security reasons (but your Telnet application also must support the new port number you
select). You must reboot the Access Point if you change the Telnet Port.
•
Login Idle Timeout (seconds): Enter the number of seconds the system will wait for a login attempt. The AP
terminates the session when it times out. The range is 1 to 300 seconds; the default is 30 seconds.
•
Session Idle Timeout (seconds): Enter the number of seconds the system will wait during a session while there
is no activity. The AP will terminate the session on timeout. The range is 1 to 36000 seconds; the default is 900
seconds.
Secure Shell (SSH) Settings
The AP supports SSH version 2, for secure remote CLI (Telnet) sessions. SSH provides strong authentication and
encryption of session data.
The SSH server (AP) has host keys - a pair of assymetric keys - a private key that resides on the AP and a public
key that is distributed to clients that need to connect to the AP. As the client has knowledge of the server host keys,
the client can verify that it is communicating with the correct SSH server. The client authentication can be performed in
two ways:
•
Using asymmetric keys. This method requires all the client keys to be installed on the AP.
•
Using a username/password pair to authenticate the user over a secure channel created using SSH.
SSH Session Setup
An SSH session is setup through the following process:
•
The SSH server public key is transferred to the client using out-of-band or in-band mechanisms.
•
The SSH client verifies the correctness of the server using the server’s public key.
•
The user/client authenticates to the server.
•
An encrypted data session starts. The maximum number of SSH sessions is limited to two. If there is no activity for
a specified amount of time (the Telnet Session Timeout parameter), the AP will timeout the connection.
SSH Clients
The following SSH clients have been verified to interoperate with the AP’s server. The following table lists the clients,
version number, and the website of the client.
For key generation, OpenSSH client has been verified.
Configuring SSH
Perform the following procedure to enable or disable SSH and set the SSH host key:
1. Click Configure -> Management -> Services.
2. To enable SSH, select “Enable” from the Enable SSH (Secure Shell) drop down menu.
NOTE
When Secure Management is enabled on the AP, SSH will be enabled by default and cannot be disabled.
3. Select the SSH Host Key Status from the drop-down menu.
Host keys must either be generated externally and uploaded to the AP (see
Uploading Externally Generated Host
), generated manually, or auto-generated at the time of SSH initialization if SSH is enabled and no host keys are
present. There is no key present in an AP that is in a factory default state.
Clients
Version
Website
OpenSSH
V3.4-2
http://www.openssh.com
Putty
Rel 0.53b
http://www.chiark.greenend.org.uk
Zoc
5.00
http://www.emtec.com
Axessh
V2.5
http://www.labf.com