Westermo MR Series User Manual

251

6622-3201

Web Interface and Command Line Reference Guide

www.westermo.com

Complete SSH Confi guration

4.84.1

In order to completely configure SSH, you will need to generate an SSH version 1 key and an SSH
version 2 key, and then configure the unit to use these keys as the host keys. The sections below
show how to do this using both the Web interface and the Command Line Interface.

Note:
SSH version 2 is more secure than SSH version 1. For that reason, Westermo recommends the
use of SSH version 2 keys wherever possible. However, since some SSH clients may require
version 1 keys, the unit supports both SSH version 1 and SSH version 2.

Note:
The key filename cannot be more than 12 characters in length. This includes the extension and
extension separator “.”.

Using the Web Interface

On the Configure > Certificates > Utilities page, select the size for the key file from the drop-
down list. The larger the size of the key file, the more secure it will be.

Enter the name for the key file in the Private key filename field. The filename should be pre fixed
with “priv” and have a “.pem” extension, e.g. “privssh1.pem”.

Check the Save in SSHv1 format checkbox in order to generate an SSH version 1 key. Click the
Generate Private Key button in order to create the private key file. The key file will be stored in the
unit’s flash memory.

Repeat steps 1 to 3 in order to generate the second key. However, ensure the Save in SSHv1 for-
mat checkbox is cleared in order to generate an SSH version 2 key. Give the second key a different
name than the first key. Remember to prefix the file name with “priv” and give it a “.pem” extension,
e.g. “privssh2.pem”.

On the Configure > SSH server page, enter the filename of the key generated in step 3 in the
Host key #1 filename field, and the filename of the key generated in step 4 in the Host key #2
filename field.

Save the configuration by first clicking the OK button at the bottom of the page, and then click ing
the save to flash link.

Using the Command Line Interface

Generate the SSH V1 private key using the genkey command in the format:
genkey <size> <filename> -ssh1

, where:

<size>

is one of 384, 512, 768, 1024, 1536, or 2048, and

<filename>

is the name for the private key file. The filename should be prefixed with “priv”

and have a “.pem” extension, e.g. “privssh1.pem”.
For example, genkey 1024 privssh1.pem

Generate the SSH V2 private key using the genkey command. For example:
genkey 1024 privssh2.pem

Set the first private key as the SSH Host key #1 using the ssh command in the format:
ssh 0 hostkey1 <filename>

where <filename> is the name of the private key file gen-

erated in step 1. For example, ssh 0 hostkey1 privssh1.pem

Set the second private key as the SSH Host key #2 using the ssh command. For example:
ssh 0 hostkey2 privssh2.pem

Save the configuration:
config 0 save