User's guide

Configuring SSH
To fully configure SSH, a version 1 SSH key and a version 2 SSH key need to be
generated and the router configured to use them. The procedure is described below.
Note:
SSH version 2 is more secure than version 1 and so is the recommended version to use.
However, some SSH clients may only support version 1 keys and so the router supports
both version 1 and version 2 SSH.
Configuration using the web interface
1. Navigate to Administration – X.509 Certificate Management > Key Generation and
   select the size of the key file from the drop-down list. The larger the key file, the more
   secure it will be.
2. Enter the name for the key file in the Key filename box or select from those already
   present using the drop-down selector. The filename should have a prefix of “priv” and a file
   extension of “.pem”, e.g. “privssh1.pem”. (Please note that the 8.3 file name convention
   applies as mentioned previously).
3. Check the checkbox marked Save in SSHv1 format in order to generate a version 1 SSH
   key. Click the Generate Key button to generate the private key file. The key file will be
   stored in the router’s FLASH filing system.
4. Repeat steps 1 to 3 in order to generate the second key. This time, however, make sure
   that the Save in SSHv1 format checkbox is unchecked. This key file should be given a
   different name to the version 1 file previously generated.
5. On the Configuration – Network > SSH Server > SSH Server n page, enter the
   filename generated in step 3 into the Host Key 1 Filename text box and the filename
   generated in step 4 into the Host Key 2 Filename text box.
6. Apply the configuration changes using the Apply button at the bottom of the page and when
   the “Configuration successfully applied” message appears, click on the highlighted link to
   save the configuration.
Configuration using the command line interface
1. Generate the SSH V1 private key using the genkey command as follows:
       genkey <keybits> <filename> -ssh1
   where <keybits> is one of the following values: 384, 512, 768, 1024, 1536 or 2048, and
   <filename> is the name for the file, e.g. “privssh1.pem”, as described for the web
   version of this procedure.
2. Generate the SSH V2 private key using the genkey command as per step 1 but this time
   omit the -ssh1 switch. For example:
       genkey 1024 privssh2.pem
3. Set the first private key as SSH Host Key 1 using the following command:
       ssh 0 hostkey1 privssh1.pem
4. Set the second private key as SSH Host Key 2 using the following command:
       ssh 0 hostkey2 privssh2.pem
5. Save the configuration:
       config 0 save
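
The command line procedure above, scripted as a pre-flight check for provisioning (an added example, not code from the original guide or from the router vendor). It validates the key size and file names against the constraints the guide states before emitting the command sequence; the function names, the permitted filename character set, the case-insensitive name comparison and the min_bits policy floor are assumptions of this example, and one key size is used for both keys.

```python
import re

# Key sizes the guide lists as accepted by genkey.
ALLOWED_BITS = (384, 512, 768, 1024, 1536, 2048)
# 8.3 name with the "priv" prefix and ".pem" extension the guide asks for.
# The permitted character set is an assumption of this example.
KEYFILE_RE = re.compile(r"priv[A-Za-z0-9_-]{0,4}\.pem")


def check_keyfile(name):
    """Return name unchanged if it fits priv*.pem within 8.3, else raise."""
    # fullmatch also rejects embedded whitespace or newlines, so a value taken
    # from an inventory file cannot smuggle extra text into a CLI line.
    if not KEYFILE_RE.fullmatch(name):
        raise ValueError(f"{name!r}: need 'priv' prefix, '.pem' extension, 8.3 length")
    return name


def ssh_hostkey_commands(v1_file, v2_file, keybits, min_bits=0):
    """Build the guide's CLI sequence for one v1 and one v2 host key.

    min_bits is a local policy floor (hypothetical parameter, not a router option).
    """
    if keybits not in ALLOWED_BITS:
        raise ValueError(f"keybits {keybits} not one of {ALLOWED_BITS}")
    if keybits < min_bits:
        raise ValueError(f"keybits {keybits} below local policy minimum {min_bits}")
    check_keyfile(v1_file)
    check_keyfile(v2_file)
    # The v2 key must not reuse the v1 file name. Compared case-insensitively
    # (assumption: the FLASH filing system does not distinguish case).
    if v1_file.lower() == v2_file.lower():
        raise ValueError("v1 and v2 key files must have different names")
    return [
        f"genkey {keybits} {v1_file} -ssh1",  # step 1: version 1 key
        f"genkey {keybits} {v2_file}",        # step 2: version 2 key, no -ssh1
        f"ssh 0 hostkey1 {v1_file}",          # step 3
        f"ssh 0 hostkey2 {v2_file}",          # step 4
        "config 0 save",                      # step 5
    ]


if __name__ == "__main__":
    for line in ssh_hostkey_commands("privssh1.pem", "privssh2.pem", 2048, min_bits=2048):
        print(line)
```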