User manual
AN-80i User Manual
70-00072-01-10 Proprietary Redline Communications © 2011 Page 122 of 152 March 2, 2011
4. Choose the same AES encryption setting on both AN-80i systems. A data link can be
established only between systems with identical security settings.
Web: Configuration screen -> Wireless Security Configuration: Encryption Type
(None, 64-Bit, AES 128, AES 192, AES 256)
5. Save the configuration to activate changes.
8.2.4 SSH for Secure CLI
SSH is a standard feature on all AN-80i systems. SSH provides secure access when
using the command line interface (CLI) to manage AN-80i equipment. When SSH is
required, TELNET (unsecured access) should be disabled. Use an SSH client (e.g.,
OpenSSH, PuTTY, etc.) to access an AN-80i using SSH.
It is recommended that system operators generate a unique certificate and private-public
keys, and load these on the AN-80i before using the HTTPS feature in a production
environment.
Out-of-Box Operation
The AN-80i provides out-of-box use of the SSH interface. If no user-generated DSA key
has been loaded on the AN-80i, a temporary key is generated automatically.
On each reboot, a new self-generated key (ssh_key<mac>.pem) is loaded into the user
table. The self-generating key feature is disabled when the user loads a key in the
user (usr) table or creates a key using the CLI 'generate' command.
Note: When using the self-generated key, a warning message may be displayed, based
on the SSH client security settings (e.g., 'Warning: Potential Security Breach. The servers
host key does not match ...'). The operator has full access to the secure CLI interface.
Enable SSH
SSH is disabled by (factory) default. Use the CLI or Web interface to enable SSH:
Web interface: Configuration screen -> Ethernet: SSH Enable
Command: set ssh on
Loading an SSH Key File
Use the following steps to load user-generated X.509 certificate and key files:
1. Use a commercially available tool to create the required key file. The DSA key file
must conform to the following:
   - Maximum key size is 2048 bits
   - Key filename must be in the following format: dsa_key_<mac>.pem
2. Copy the key file to the default directory on a TFTP server.
3. Use the CLI 'load' command to load the SSH DSA key into the user (usr) table. It is
recommended to use the local Ethernet port when transferring encryption keys and
certificates to the AN-80i.
4. Reboot the AN-80i to activate changes to the key files.
5. Log in to the AN-80i and verify the files have been successfully loaded.
Example
Use TFTP server at IP address 192.168.25.10 to load an SSH key file for the AN-80i with MAC
address 00 09 02 01 C1 9A.
192.168.25.2# load file 192.168.25.10 dsa_key_00-09-02-01-C1-9A.pem usr tftp
192.168.25.2# show files usr
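Step 1 of the procedure above, sketched as an added example that is not part of the Redline manual: a workstation-side script that builds the dsa_key_<mac>.pem filename in the hyphenated form shown in the example and refuses key sizes above 2048 bits before generating the key. OpenSSL is an assumed tool choice and the function names are hypothetical; the manual does not state which PEM encoding the AN-80i accepts, so confirm the file with 'show files usr' after loading.

```shell
#!/bin/sh
# Added example, run on the operator workstation (not on the AN-80i).
# Function names are hypothetical; OpenSSL is an assumed tool choice.

MAX_BITS=2048   # maximum DSA key size stated in the manual

# Normalize a MAC written with spaces, colons, hyphens or no separators
# to the hyphenated upper-case form used in the manual's example.
normalize_mac() {
    hex=$(printf '%s' "$1" | tr -d ' :-' | tr 'abcdef' 'ABCDEF')
    case "$hex" in
        *[!0-9A-F]*) return 1 ;;      # reject non-hex characters
    esac
    [ "${#hex}" -eq 12 ] || return 1  # a MAC is exactly 6 octets
    printf '%s\n' "$hex" | sed 's/\(..\)/\1-/g; s/-$//'
}

# Build the key filename in the required dsa_key_<mac>.pem format.
key_filename() {
    mac=$(normalize_mac "$1") || return 1
    printf 'dsa_key_%s.pem\n' "$mac"
}

# Generate a DSA private key for the given MAC; the optional second argument
# is the key size in bits. Sizes above MAX_BITS are refused before OpenSSL runs.
generate_key() {
    bits=${2:-$MAX_BITS}
    [ "$bits" -le "$MAX_BITS" ] 2>/dev/null || {
        echo "key size must be a number no larger than $MAX_BITS" >&2; return 1; }
    name=$(key_filename "$1") || { echo "invalid MAC: $1" >&2; return 1; }
    params=$(mktemp) || return 1
    old_umask=$(umask); umask 077     # private key readable by owner only
    openssl dsaparam -out "$params" "$bits" >/dev/null &&
        openssl gendsa -out "$name" "$params" >/dev/null
    rc=$?
    umask "$old_umask"; rm -f "$params"
    [ "$rc" -eq 0 ] && printf '%s\n' "$name"
}

# Usage: generate_key "00 09 02 01 C1 9A"   # writes dsa_key_00-09-02-01-C1-9A.pem
```

Copy the resulting file to the TFTP server's default directory before running the 'load' command.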