User manual

AN-80i User Manual
70-00072-01-10 Proprietary Redline Communications © 2011 Page 129 of 152 March 2, 2011
The self-generated key appears in the FIPS (fips) table, but is not permanent and a new
key is generated on each reboot. This feature is disabled when a user-generated key
has been loaded, or a key has been created using the CLI 'generate' command.
Enable SSH
SSH is disabled by (factory) default. Use the CLI or Web interface to enable SSH:
Command: set ssh on
Web interface: Configuration screen -> Ethernet: SSH Enable
Note: When using the self-generated key, a warning message may be displayed, based
on the SSH client security settings (e.g., 'Warning: Potential Security Breach. The servers
host key does not match ...'). The operator has full access to the secure CLI interface.
Loading an SSH Key File
Use the following steps to load user-generated X.509 certificate and key files:
1. Use a commercially available tool to create the required key file. The DSA key file
must conform to the following:
   - Maximum key size is 2048 bits
   - Key filename must be in the following format:
     dsa_key_<mac>.pem
2. Copy the key file to the default directory on a TFTP server.
3. Use the CLI 'load' command to load the SSH DSA key into the FIPS (fips) table. It is
recommended to use the local Ethernet port when transferring encryption keys and
certificates to the AN-80i.
4. Reboot the AN-80i to activate changes to the key files.
5. Log in to the AN-80i and verify the files have been successfully loaded.
Example
Use the TFTP server at IP address 192.168.25.10 to load an SSH key file for the AN-80i with MAC
address 00 09 02 01 C1 9A.
192.168.25.2# load file 192.168.25.10 dsa_key_00-09-02-01-C1-9A.pem fips tftp
192.168.25.2# show files fips
dsa_key.pem size=672 md5=fa9bd7a1f465fd7e9fed30150b0608c4
192.168.25.2#
192.168.25.2# reboot
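The checks in steps 1 and 5 can be scripted on the workstation before and after the transfer. The following is an added example, not part of the Redline manual or tooling: it assumes the key is an unencrypted traditional OpenSSL "DSA PRIVATE KEY" PEM file and that the size and md5 printed by 'show files fips' are those of the uploaded file unchanged. All function names are hypothetical.

```python
import base64, hashlib, re, sys
MAX_BITS = 2048  # manual: "Maximum key size is 2048 bits"

def key_filename(mac):
    """dsa_key_<mac>.pem, with the MAC written as in the manual's example (upper case, hyphens)."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).upper()
    if len(digits) != 12:
        raise ValueError("MAC address must have 12 hex digits")
    return "dsa_key_" + "-".join(digits[i:i + 2] for i in range(0, 12, 2)) + ".pem"

def _read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def dsa_modulus_bits(pem):
    """Bit length of p in the assumed PEM layout (SEQUENCE: version, p, q, g, y, x)."""
    m = re.search(rb"-----BEGIN DSA PRIVATE KEY-----(.*?)-----END DSA PRIVATE KEY-----", pem, re.S)
    if not m or b"Proc-Type:" in m.group(1):
        raise ValueError("expected an unencrypted traditional DSA private key PEM")
    tag, seq, _ = _read_tlv(base64.b64decode(m.group(1)), 0)
    _, _, pos = _read_tlv(seq, 0)          # skip the version INTEGER
    ptag, p, _ = _read_tlv(seq, pos)
    if tag != 0x30 or ptag != 0x02:
        raise ValueError("unexpected DER structure")
    return int.from_bytes(p, "big").bit_length()

def preflight(pem, mac):
    """Check the manual's constraints; return the upload name and the size/md5 to expect."""
    bits = dsa_modulus_bits(pem)
    if bits > MAX_BITS:
        raise ValueError(f"{bits}-bit key exceeds the {MAX_BITS}-bit maximum")
    return {"filename": key_filename(mac), "bits": bits,
            "size": len(pem), "md5": hashlib.md5(pem).hexdigest()}

def matches_device(report, show_files_line):
    """Compare one 'show files fips' output line with the local file's size and md5."""
    m = re.search(r"size=(\d+)\s+md5=([0-9a-fA-F]{32})", show_files_line)
    return bool(m) and int(m.group(1)) == report["size"] and m.group(2).lower() == report["md5"]

if __name__ == "__main__":                 # usage: preflight.py <key.pem> <mac> ['show files' line]
    with open(sys.argv[1], "rb") as fh:
        report = preflight(fh.read(), sys.argv[2])
    print(report)
    if len(sys.argv) > 3:
        print("device copy matches:", matches_device(report, sys.argv[3]))
```

A mismatch in size or md5 after the load means the file on the device is not the one that was generated, and the transfer should be repeated before rebooting.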
SSH Key Generate Utility
Use the CLI command 'generate sshkey dsa' to create a DSA key and save this file in the
FIPS (fips) table. This key file will be persistent through reboots. After executing the
generate command, the AN-80i must be rebooted to activate the new key.
Example
Generate a new DSA key file.
192.168.25.2# generate sshkey dsa
192.168.25.2# reboot
8.3.5 FIPS: HTTPS for Secure Web
HTTPS (SSL) is a standard feature on all AN-80i systems. HTTPS uses authentication
and encryption to provide secure access over an unsecured network. When HTTPS is
required, HTTP (unsecured access) should be disabled.