2 ssh host keys, 10 gui settings, 11 backup – NEXCOM IFA 1610 User Manual

Copyright © 2014 NEXCOM International Co., Ltd. All Rights Reserved.

IFA 3610/IFA 2610/IFA 1610 User Manual

Chapter 1: The System Menu

22

Allow public key based authentication
Logins with public keys are allowed. The public keys of the clients that can login using key authentication must be added
to the file

/root/.ssh/authorized_keys.

Save
Click on this button at the bottom of the box to save the setting of the above four options.

Note: The SSH access is automatically activated when at least one of the following options is true:

▪ HENGE

TM

support team access is allowed in Menubar

► System ► Support.

▪ High availability is enabled in Menubar ► Services ► High Availability.

▪ SSH access is enabled in Menubar ► System ► HENGE

TM

Network

► Remote Access.

1.9.2 SSH host keys

At the bottom of the page, a box details the public SSH host keys of the appliance, that have been generated during the
first start of the openSSH server, along with their fingerprints and their size in bits.

Example SYS-1 - Traffic Tunnelling over SSH.
Assume that a service such as telnet (or any other service that can be tunneled through SSH) is running on a computer
inside the GREEN zone, say port 23 on host myhost with IP address 10.0.0.20. To setup a SSH tunnel through the IFA
3610/IFA 2610/IFA 1610 appliances to access the service securely from outside the LAN, i.e., from the RED zone. While
GREEN access from the RED interface is in general not recommended, it might prove useful in some cases, for example
during the testing phase of a service.

1. Enable SSH and make sure the host can be accessed, i.e., configure the firewall in Menubar

► Firewall ► System

access for myhost to be reachable from the outside.

2. From an external system connect to the appliance using the command ssh -N -f -L 12345:10.0.0.20:23 root@

appliance where -N tells SSH not to execute commands, but just to forward traffic, -f makes SSH run in the
background and -L 12345:10.0.0.20:23 maps the external system’s port 12345 to port 23 on myhost, as it can be
seen from the appliance.

3. The SSH tunnel from port 12345 of the external system to port 23 on myhost is now established. On the external

system now it suffices to telnet to port 12345 on localhost to reach myhost.

1.10 GUI Settings

Two configuration options for the GUI are present here. The first option is the language that will be used for the section
names, the labels, and all the strings used in the web interface and can be selected from a drop-down menu. The
languages currently supported are: English, German, Italian, Simplified Chinese, Japanese, Portuguese, Russian, Spanish,
and Turkish.

The second option is to display the hostname of the appliance in the browser’s window title, activated by ticking the
checkbox Display hostname in window title.

In the Community release it is also possible to click on the Help translating this project link, which will open the
appliance translation page. Any help is appreciated!

1.11 Backup

In this section the management of the backups can be carried out: Creation of backups of the current appliance
configuration and system rollback to one of these backups when needed. Backups can be saved locally on the appliance
host, on a USB stick, or downloaded to a workstation.

It is also possible to reset the configuration to factory defaults, to create fully automated backups, and to carry out
various other administrative tasks concerning backups.

This section is organised into two tabs, Backup and Scheduled backups: The former is used to manage manual backups,
while the latter to set up automatic, scheduled backups.