User's guide

SSLv3 only.
SSLv2 only.
Cipher List
The list of ciphers is the same as described above for the client-side configuration table.
Related CLI Commands

Entity   Instance   Parameter    Values                                  Equivalent Web Parameter
sslsvr   0          certfile     Up to 12 characters (DOS 8.3 format)    Server Certificate Filename
sslsvr   0          keyfile      Up to 12 characters (DOS 8.3 format)    Server Private Key Filename
sslsvr   0          ver          Blank, TLS1, SSL3, SSL2                 SSL Version
sslsvr   0          cipherlist   Colon-separated list                    Cipher List
sslsvr   0          debug        OFF, ON                                 n/a
SSH Server
Configuration – Network > SSH Server
The secure shell (SSH) server allows remote peers to access the router over a secure TCP
connection using a suitable SSH client. The SSH server provides a Telnet-like interface and
secure file transfer capability.
SSH uses a number of keys during a session. The host keys are used for authentication
purposes. Keys unique to each SSH session are also generated and are used for
encryption/authentication purposes.
The router supports SSH v1.5 and SSH v2. The host key file format differs for each version,
but there would normally be only one host key for each version. For this reason the router
allows the user to configure two host key files. These keys may be changed from time to
time, specifically if it is suspected that a key has become compromised. Because the host
keys need to be kept secret, it is highly recommended to store the files on the router's FLASH
filing system using filenames prefixed with "priv", which makes it impossible to read the files
using any of the normal methods (e.g. FTP). It is possible (using the genkey command) to
create host keys in either format for use with SSH. Using this utility, it is not necessary to
have the host key files present on any other storage device (thus providing an additional
level of security). Refer to the section of this manual that covers certificates for how to
generate a private key file.
Unlike the Telnet server, the number of SSH server sockets that listen for new SSH
connections is configurable.
Multiple SSH server instances can be configured; each instance can listen on a separate
port number and can use different keys and encryption methods.
It is possible to configure which authentication methods can be used in an SSH session and
their order of preference. The router currently supports MD5, SHA1, MD5-96 and SHA1-96.
If required, a public/private key pair can be used for authentication.
The router currently supports 3DES, 3DES-CBC and AES cipher methods.
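As an added example (not part of the manual or the router's own software), the following Python audits an `sslsvr` configuration written in the entity/instance/parameter/value shape of the CLI table above, flagging the weak settings that table and the SSH section make possible: a deprecated SSL2/SSL3 version, debug left ON, filenames that are not DOS 8.3, and a private key file that does not follow the "priv" prefix convention. The sample configuration is constructed, the exact CLI syntax is an assumption, and applying the "priv" convention (stated above for SSH host keys) to the SSL key file is this example's own choice.

```python
import re

# Constructed sample in the "entity instance parameter value" shape of the CLI
# table above; whether the router accepts exactly this syntax is an assumption.
SAMPLE_CONFIG = """\
sslsvr 0 certfile cert.pem
sslsvr 0 keyfile mykey.pem
sslsvr 0 ver SSL3
sslsvr 0 cipherlist A:B
sslsvr 0 debug ON
"""

# DOS 8.3: up to 8 name characters, optional dot and up to 3 extension characters.
DOS_83 = re.compile(r"^[A-Za-z0-9_~\-]{1,8}(\.[A-Za-z0-9_~\-]{1,3})?$")


def parse_config(text):
    """Map (entity, instance, parameter) -> value; a parameter with no value maps to ''."""
    cfg = {}
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) >= 3:
            cfg[(parts[0], parts[1], parts[2])] = parts[3] if len(parts) == 4 else ""
    return cfg


def audit_sslsvr(cfg, instance="0"):
    """Return a list of (parameter, problem) findings for one sslsvr instance."""
    def get(param, default=""):
        return cfg.get(("sslsvr", instance, param), default)

    findings = []
    if get("ver").upper() in ("SSL2", "SSL3"):
        findings.append(("ver", "server restricted to a deprecated SSL version"))
    if get("debug", "OFF").upper() == "ON":
        findings.append(("debug", "debug output is enabled"))
    for param in ("certfile", "keyfile"):
        name = get(param)
        if not name:
            findings.append((param, "no file configured"))
        elif not DOS_83.match(name):
            findings.append((param, "not a DOS 8.3 filename (max 12 characters)"))
    # 'priv' prefix: the SSH section's convention for unreadable key files (assumption here).
    if get("keyfile") and not get("keyfile").lower().startswith("priv"):
        findings.append(("keyfile", "private key file is not prefixed with 'priv'"))
    ciphers = get("cipherlist")
    if ciphers and any(not token for token in ciphers.split(":")):
        findings.append(("cipherlist", "empty entry in colon-separated list"))
    return findings


if __name__ == "__main__":
    for param, problem in audit_sslsvr(parse_config(SAMPLE_CONFIG)):
        print(f"sslsvr 0 {param}: {problem}")
```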