Using security lock-out – Avocent CPS1610 CPS User Manual

Chapter 3: Operations

35

Since the CPS allows multiple connection modes to operate concurrently, you

can specify multiple encryption types. For example, the following command

enables connections via Telnet and via DSView SSL Telnet using Triple DES

or RC4 encryption.

server security encrypt=none,3des,128

The following command enables connections via DSView SSL Telnet using

only DES. SSH2 client connections are also enabled, but plain text Telnet

sessions are not allowed.

server security encrypt=des,ssh

The following command enables connections via SSH2 clients only. Plain text

Telnet and Avocent SSL connections will be refused.

server security encrypt=ssh

To specify encryption method(s):

Issue a Server Security command, using the Encrypt parameter to specify one

or more encryption algorithm values, separated by commas.

SERVER SECURITY ENCRYPT=<encrypt>

If you specify DS authentication and do not specify an encryption algorithm, a

default value of 128,3DES,DES is used.

If you disable authentication (Auth=None), you cannot specify any encryption.

You may disable encryption for all authentication methods except DS.

For more information, see Server Security command in Chapter 5.

To display encryption confi guration information:

Issue a Show Server Security command.

SHOW SERVER SECURITY

For more information, see Show Server Security command in Chapter 5.

Using Security Lock-out

When the Security Lock-out feature is enabled, a user will be locked-out after

five consecutive authentication failures. A successful authentication will

reset the counter to zero. You may configure a lock-out period of from 1-99

hours. Specifying a lock-out period of Ø disables the feature; that is, users

will not be locked-out.