User's guide
Configuration – Network > SSH Server
The secure shell (SSH) server allows remote peers to access the router over a secure TCP
connection using a suitable SSH client. The SSH server provides a Telnet-like interface and
secure file transfer capability.
SSH uses a number of keys during a session. The host keys are used for authentication
purposes. Keys unique to each SSH session are also generated and are used for
encryption/authentication purposes.
The router supports SSH v1.5 and SSH v2. The host key file format differs for each version
but there would normally only be one host key for each version. For this reason the router
allows the user to configure two host key files. These keys may be changed from time to
time, specifically if it is suspected that a key has been compromised. Because the host
keys need to be secure, it is highly recommended to store the files on the router’s FLASH
filing system using filenames prefixed with “priv” which makes it impossible to read the files
using any of the normal methods (e.g. FTP). It is possible (using the genkey command) to
create host keys in either format for use with SSH. Using this utility it is not necessary to
have the host key files present on any other storage device (thus providing an additional
level of security). Refer to the section of this manual that covers certificates on how to
generate a private key file.
Unlike the Telnet server, it is possible to configure the number of SSH server sockets that
listen for new SSH connections.
Multiple SSH server instances can be configured; each instance can listen on a separate
port number and can use different keys and encryption methods.
It is possible to configure which authentication methods can be used in an SSH session and
the preferred selection order. The router currently supports MD5, SHA1, MD5-96 and
SHA1-96. If required, a public/private key pair can be used for authentication.
The router currently supports 3DES, 3DES-CBC and AES cipher methods.
DEFLATE compression is also supported. If this is enabled and negotiated, SSH packets are
first compressed before being encrypted and delivered to the remote unit via the TCP
socket.
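As an added example (not part of this guide or of the router firmware), the following Python parses a peer's SSH_MSG_KEXINIT algorithm offer (RFC 4253) and audits its cipher, MAC and compression name-lists against a simple policy, so an administrator can confirm from a packet capture which methods a configured server instance actually advertises and in which preference order. The sample offer is constructed, and the policy sets are assumptions rather than anything the guide prescribes.

```python
import struct

SSH_MSG_KEXINIT = 20
FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")  # wire order, RFC 4253 s7.1
WEAK_MACS = {"hmac-md5", "hmac-md5-96", "hmac-sha1-96"}  # assumed policy: MD5 or truncated
WEAK_CIPHERS = {"3des-cbc"}  # assumed policy: legacy 64-bit block cipher

def encode_kexinit(lists, cookie=bytes(16)):
    """Build a KEXINIT payload from {field: [names]} (used to construct test input)."""
    out = bytes([SSH_MSG_KEXINIT]) + cookie
    for field in FIELDS:
        names = ",".join(lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(names)) + names
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Parse a KEXINIT payload (packet framing already removed) into {field: [names]}."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}  # skip the message byte and the 16-byte cookie
    for field in FIELDS:
        n = struct.unpack_from(">I", payload, pos)[0]
        raw = payload[pos + 4:pos + 4 + n]
        if len(raw) != n:
            raise ValueError("truncated name-list: " + field)
        lists[field] = raw.decode("ascii").split(",") if raw else []
        pos += 4 + n
    return lists

def audit_kexinit(lists):
    """Return policy findings for a parsed offer (empty list = passes); position 0 is preferred."""
    findings = []
    for field in ("enc_c2s", "enc_s2c"):
        findings += ["%s: legacy cipher %s at position %d" % (field, c, i)
                     for i, c in enumerate(lists[field]) if c in WEAK_CIPHERS]
    for field in ("mac_c2s", "mac_s2c"):
        findings += ["%s: weak MAC %s at position %d" % (field, m, i)
                     for i, m in enumerate(lists[field]) if m in WEAK_MACS]
    for field in ("comp_c2s", "comp_s2c"):
        if any(c.startswith("zlib") for c in lists[field]):
            findings.append("%s: DEFLATE (zlib) compression offered" % field)
    return findings

# Constructed server offer resembling the algorithm set on this page (not a real capture).
SAMPLE_OFFER = encode_kexinit({
    "kex": ["diffie-hellman-group14-sha1"], "hostkey": ["ssh-rsa"],
    "enc_c2s": ["aes128-cbc", "3des-cbc"], "enc_s2c": ["aes128-cbc", "3des-cbc"],
    "mac_c2s": ["hmac-md5", "hmac-sha1", "hmac-md5-96", "hmac-sha1-96"],
    "mac_s2c": ["hmac-sha1", "hmac-md5"], "comp_c2s": ["zlib", "none"], "comp_s2c": ["none"]})
```

Running `audit_kexinit(parse_kexinit(SAMPLE_OFFER))` reports the MD5-based and truncated MACs with their positions (a weak MAC at position 0 is the one the peer will prefer), the 3DES-CBC cipher, and the zlib compression offer.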
Note:
The SSH server supports the SCP file copy protocol but does NOT support filename
wildcards.
Enable SSH Servers
When checked, this checkbox enables the SSH servers on the router.
Configuration – Network > SSH Server > SSH Server n
The router supports eight individual SSH servers that are configured independently using
the options described below.
Enable SSH Server
When checked, this checkbox enables the SSH server.
Use TCP port p
The value in this text box is the TCP port number (default 22) that the SSH server will use
to listen for incoming connections (port 22 is the standard SSH port).