Product specifications
Efficient Networks® Router family
Technical Reference Guide
Chapter 5: System Security
SSH Sessions
For SSH to be operational, the following must be performed:
• Add the enabling feature key
• Generate or install a public/private key pair
Assuming these steps have been performed, secure connections to the system are
available. When SSH is enabled (default mode), it listens on port 22 for a client to
initiate a secure session. Secure sessions can be initiated regardless of the "trusted"
or "untrusted" condition placed on the interface via Secure Mode Access.
SSH can be enabled and disabled via the Web Interface Secure Shell Configuration
page or by using the following command:
-> ssh set status <enable | disable>
SSH can also be configured to use a different port using the Web Interface SSH
Configuration form or by entering the following command:
-> system sshport <port>
A connection timeout period can also be configured to define how long (in seconds)
an SSH connection is allowed to remain idle before the session is
disconnected. The default value is 10 minutes and can be configured with a range of
30 seconds to 20 minutes. This setting is defined on the Web Interface SSH
Configuration form or by entering the following command:
-> ssh set idletimeout <seconds>
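A pre-flight check for the three settings above, as an added example that is not part of the guide or the vendor's tooling: it converts a timeout given in minutes to the seconds the command expects, rejects values outside the stated 30-second to 20-minute range, and emits the CLI lines. The function names, the `s`/`m` duration suffixes and the 1-65535 port bound are assumptions; the command syntax and timeout limits are the ones stated above.

```python
import re

# Limits stated in the guide: idle timeout 30 seconds to 20 minutes, default 10 minutes.
IDLE_MIN_S, IDLE_MAX_S, IDLE_DEFAULT_S = 30, 20 * 60, 10 * 60
_UNITS = {"": 1, "s": 1, "m": 60}  # hypothetical suffixes; the CLI itself takes bare seconds


def to_seconds(value):
    """Convert 600, "600", "600s" or "10m" to whole seconds."""
    m = re.fullmatch(r"\s*(\d+)\s*([sm]?)\s*", str(value).lower())
    if not m:
        raise ValueError(f"unrecognised duration: {value!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]


def build_ssh_commands(enable=True, port=22, idle_timeout=IDLE_DEFAULT_S):
    """Return the router CLI lines for the requested SSH settings, or raise ValueError."""
    # Assumption: any valid TCP port is accepted; the guide gives no allowed range.
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError(f"invalid TCP port: {port!r}")
    seconds = to_seconds(idle_timeout)
    # Catches the common slip of typing minutes (e.g. 10) where seconds are expected.
    if not IDLE_MIN_S <= seconds <= IDLE_MAX_S:
        raise ValueError(f"idle timeout {seconds}s outside {IDLE_MIN_S}-{IDLE_MAX_S}s")
    return [
        f"system sshport {port}",
        f"ssh set idletimeout {seconds}",
        f"ssh set status {'enable' if enable else 'disable'}",
    ]


if __name__ == "__main__":
    # Constructed sample: move SSH to port 2222 with a 5-minute idle timeout.
    for line in build_ssh_commands(port=2222, idle_timeout="5m"):
        print("->", line)
```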
Keys
Key Generation
Since no public/private key pairs are automatically generated for the system, once
SSH has been key-enabled, the first step in setting up SSH is to generate a key pair.
There are two options for key generation:
• Keys can be generated locally on the router using the Web Interface
Key Generation form or by using the following command:
-> ssh keygen
NOTE:
The Key Generation function may take in excess of 1 hour to complete. A reboot of
the router will terminate the process and will result in no keys having been generated.