Tripp Lite B093-004-2E4U-V Owner's Manual

Loading ...

248

15. Advanced Conﬁguration

To set the SNMP Manager v3 Security Level ﬁeld:

conﬁg --set=”conﬁg.system.snmp.seclevel3=noAuthNoPriv” or

conﬁg --set=”conﬁg.system.snmp.seclevel3=authNoPriv” or

conﬁg --set=”conﬁg.system.snmp.seclevel3=authPriv”

To set the SNMP Manager v3 Username ﬁeld:

conﬁg --set=”conﬁg.system.snmp.username3=username”

To set the SNMP Manager v3 Auth. Protocol and password ﬁelds:

conﬁg –set=”conﬁg.system.snmp.authprotocol3=SHA” or

conﬁg --set=”conﬁg.system.snmp.authprotocol3=MD5”

conﬁg --set=”conﬁg.system.snmp.authpassword3=password 1”

To set the SNMP Manager v3 Privacy Protocol and password ﬁelds:

conﬁg –set=”conﬁg.system.snmp.privprotocol3=AES” or

conﬁg –set=”conﬁg.system.snmp.privprotocol3=DES”

conﬁg --set=”conﬁg.system.snmp.privpassword3=password 2”

Once the ﬁelds are set, apply the conﬁguration with the following command:

conﬁg --run snmp

You can add a third or more SNMP servers by incrementing the “2” in the above commands (e.g., conﬁg.system.snmp.

protocol3, conﬁg.system.snmp.address3, etc.).

15.6 Secure Shell (SSH) Public Key Authentication

This section covers the generation of public and private keys in a Linux and Windows environment and conﬁguring SSH for

public key authentication. The steps to use in a clustering environment are:

• Generate a new public and private key pair.

• Upload the keys to the primary device and to each secondary console server.

• Fingerprint each connection to validate.

15.6.1 SSH Overview

Popular TCP/IP applications such as telnet, rlogin, ftp and others transmit their passwords unencrypted. Doing this across

pubic networks like the Internet can have catastrophic consequences, as it allows an opening for eavesdropping, connection

hijacking, and other network-level attacks.

Secure Shell (SSH) is a program used to log into another computer over a network, execute commands in a remote machine

and move ﬁles from one machine to another. It provides strong authentication and secure communications over insecure

channels.

OpenSSH, the de facto open source SSH application, encrypts all trafﬁc (including passwords) to effectively eliminate these

risks. Additionally, OpenSSH provides myriad secure tunneling capabilities, as well as a variety of authentication methods.

OpenSSH is the port of OpenBSD’s excellent OpenSSH[0] to Linux and other versions of UNIX. OpenSSH is based on the last

free version of Tatu Ylonen’s sample implementation, with all patent-encumbered algorithms removed (to external libraries),

all known security bugs ﬁxed, new features reintroduced and many other ﬁxes. The only changes in the Tripp Lite SSH

implementation are:

• PAM support.

• EGD[1]/PRNGD[2] support and replacements for OpenBSD library functions that are absent from other versions of UNIX.

• The conﬁg ﬁles are now in /etc/conﬁg. e.g.

o /etc/conﬁg/sshd_conﬁg instead of /etc/sshd_conﬁg

o /etc/conﬁg/ssh_conﬁg instead of /etc/ssh_conﬁg

o /etc/conﬁg/users/<username>/.ssh / instead of /home/<username>/.ssh/

Loading ...

Tripp Lite B093-004-2E4U-V 4-Port Console Server with 4G LTE Cellular Gateway, Dual GbE NIC, 4Gb Flash and Dual SIM

Owner's Manual - Page 248