Connecting to devices using ssh – Avocent CPS1610 CPS User Manual


CPS Installer/User Guide

Connecting to devices using SSH

The CPS supports version 2 of the SSH (Secure Shell) protocol (SSH2). The CPS
SSH server operates on the standard SSH port 22. The shell for this connection
provides a CLI prompt as if you had established a Telnet connection on port
23. The shell request for this connection is for CLI access.

Additional CPS SSH servers operate on TCP ports that are numbered with
values 100 greater than the standard 30xx Telnet ports for the CPS. For
example, if port 7 is configured for Telnet access on port 3007, then port 3107
will be a direct SSH connection for port 7. When SSH is enabled, connecting to
Telnet port 23 can be tunneled via a connection to SSH port 22.

Telnet, DSView and SSH clients may authenticate using a specified DS
authentication server.

SSH server keys

When SSH is enabled for the first time, the CPS generates an SSH server key.
The key generation process may take up to ten minutes. The key is computed
at random and is stored in the CPS configuration database.

In most cases, the SSH server key should not be modified because most SSH
clients will associate the key with the IP address of the CPS. During the first
connection to a new SSH server, the client will display the SSH server key and
ask if you want to store it on the SSH client. After the first connection, most
SSH clients will validate the key when connecting to the CPS. This provides
an extra layer of security because the SSH client can verify the key sent by the
server each time it connects.

If you disable SSH and later reenable it, you may either use the existing server
key or compute a new one. If you are reenabling the same server at the same
IP address, it is recommended that you use the existing key, as SSH clients may
be using it for verification. If you are moving the CPS to another location and
changing the IP address, you may want to generate a new SSH server key.
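The following is an added example, not part of the CPS manual or Avocent software: it shows how a client-side check can classify the server key offered on port 22 or on a 31xx port as matching, changed or never seen. It assumes the client keeps OpenSSH-format known_hosts entries, which are stored per host and port; the address 192.0.2.10 and the key blobs are constructed sample values.

```python
import base64
import hashlib

TELNET_BASE = 3000  # CPS Telnet ports are 30xx (from the manual)
SSH_OFFSET = 100    # direct SSH ports are 100 greater

def ssh_port_for(serial_port):
    """TCP port of the direct SSH server for a CPS serial port (7 -> 3107)."""
    return TELNET_BASE + SSH_OFFSET + serial_port

def host_pattern(host, port):
    """known_hosts host field: bare host on port 22, [host]:port otherwise."""
    return host if port == 22 else f"[{host}]:{port}"

def fingerprint(key_b64):
    """SHA256 fingerprint in the form OpenSSH clients display."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host_key(known_hosts, host, port, key_type, key_b64):
    """Classify an offered server key as 'match', 'changed' or 'unknown'."""
    wanted, pinned = host_pattern(host, port), False
    for line in known_hosts.splitlines():
        fields = line.split()
        # Skip blanks, comments, @markers and hashed (|1|...) entries.
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        if wanted not in fields[0].split(","):
            continue
        pinned = True
        if (fields[1], fields[2]) == (key_type, key_b64):
            return "match"
    return "changed" if pinned else "unknown"

def constructed_blob(label):
    # Constructed stand-in for a key blob; not a real RSA key.
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + label).decode()

KEY_A, KEY_B = constructed_blob(b"constructed-A"), constructed_blob(b"constructed-B")
CPS = "192.0.2.10"  # constructed address (documentation range)
KNOWN_HOSTS = f"""# constructed known_hosts sample
{CPS} ssh-rsa {KEY_A}
[{CPS}]:3107 ssh-rsa {KEY_A}
"""

if __name__ == "__main__":
    for port, key in ((22, KEY_A), (ssh_port_for(7), KEY_B), (ssh_port_for(8), KEY_A)):
        print(port, check_host_key(KNOWN_HOSTS, CPS, port, "ssh-rsa", key), fingerprint(key))
```

A "changed" result is what clients report after the CPS computes a new server key at the same IP address, and "unknown" corresponds to the first connection to a port that has not been pinned yet.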

Authenticating an SSH user

SSH is enabled and disabled with the Server SSH command. When you enable
SSH, you may specify the authentication method(s) that will be used for SSH
connections. The method may be a password, an SSH key or both. A user’s
password and SSH key are specified with a User Add or User Set command. All
SSH keys must be RSA keys. DSA keys are not supported.

The following table lists and describes the valid SSH authentication methods
that can be specified with a Server SSH command.
