Terminal commands, Connecting via telnet, Connecting via ssh – Enterasys Networks Security Router X-PeditionTM User Manual



Utilizing the Command Line Interface

XSR User’s Guide 2-3

Terminal Commands

If you want to display identification information about the current terminal connection, issue the show whoami command. Refer to the XSR Getting Started Guide and XSR CLI Reference Guide for more information on commands.

Connecting via Telnet

Once the XSR is properly configured with a valid IP address, you can remotely connect to the CLI via Telnet using the default user admin with no password. Later, you can create users with the username command.

Although up to five concurrent Telnet/SSH sessions and one Console session are supported, if more than one session is running simultaneously (including the Console session), only one session permits configuration changes. Any other session can only view configuration settings. This prohibition applies to all commands that make changes to the configuration and is limited to Global mode. For example, if a user is in Global mode and another user tries to enter Global mode, the second user will get the following error message:

XSR#config

Configuration is currently locked by user admin. Please try later.

Also, to ensure that an administrator can always log in to the router, one of the five permitted Telnet or SSH sessions is always reserved for the administrator.

That is, if the first four sessions are regular users, the fifth session will allow only the administrator to log in. But if one of the first four is logged in as administrator, then the fifth session can be any user.

You can also Telnet from the XSR to a server by using the telnet ip_address command. It is a useful utility for diagnostics. Be aware that the router will try to make a Telnet connection for 70 seconds.
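The session reservation and configuration lock described above can be modelled as follows. This is an added example, not Enterasys code: the class and method names are hypothetical, the Console session is left out, the administrator is represented by an is_admin flag, and releasing the lock on logout is an assumption.

```python
# Added model of the XSR session rules described above; not Enterasys code.
MAX_REMOTE = 5  # concurrent Telnet/SSH sessions, per the manual


class XsrSessions:
    def __init__(self):
        self.remote = {}         # session id -> (user, is_admin)
        self.lock_holder = None  # session id currently in Global mode
        self._next_id = 1

    def login(self, user, is_admin=False):
        """Return a session id, or None if the login is refused."""
        free = MAX_REMOTE - len(self.remote)
        admin_present = any(adm for _, adm in self.remote.values())
        if free == 0:
            return None
        # The last free slot is held back for an administrator unless
        # one is already logged in.
        if free == 1 and not is_admin and not admin_present:
            return None
        sid = self._next_id
        self._next_id += 1
        self.remote[sid] = (user, is_admin)
        return sid

    def enter_global(self, sid):
        """Try to enter Global mode; return (ok, message)."""
        if self.lock_holder not in (None, sid):
            holder = self.remote[self.lock_holder][0]
            return False, (f"Configuration is currently locked by user "
                           f"{holder}. Please try later.")
        self.lock_holder = sid
        return True, ""

    def logout(self, sid):
        # Assumption: leaving the session releases the configuration lock.
        if self.lock_holder == sid:
            self.lock_holder = None
        self.remote.pop(sid, None)


if __name__ == "__main__":
    table = XsrSessions()
    for name in ("u1", "u2", "u3", "u4"):   # constructed user names
        table.login(name)
    print(table.login("u5"))                     # None: slot is reserved
    print(table.login("admin", is_admin=True))   # 5
```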

Connecting via SSH

Secure Shell (SSH v2) encrypts the link to the XSR so it is a more secure alternative to Telnet for
remote connections. To activate SSH, invoke the following commands:

Create a host key pair with crypto key dsa generate.

Add an AAA user, including a password and privilege level, with aaa user, password and privilege 15. You can also create a user in the CLI database with the username command.

Enable SSH access with policy ssh.

Enable local authentication with aaa client ssh.

Load an SSH client application on your PC to connect with the XSR.

Optionally, you can disable Telnet with ip telnet server disable for higher security.

Optionally, if you are enabling the firewall feature set you can configure an Access Control List
(ACL) to allow a single host SSH access to the XSR by entering these commands:

XSR(config)#access-list 100 permit tcp host 192.168.1.10 eq 22
XSR(config)#access-list 100 deny tcp any host 192.168.1.10 eq 22
XSR(config)#access-list 100 permit ip any
XSR(config)#interface fastethernet 1
XSR(config-if<F1>)#ip access-group 100 in
