Tripp Lite B093-004-2E4U-V 4-Port Console Server with 4G LTE Cellular Gateway, Dual GbE NIC, 4Gb Flash and Dual SIM

Owner's Manual - Page 256

For B093-004-2E4U-V. This document also covers other Tripp Lite models: B093-00X-2E4U-X, B097-016/048, B098-016/048, B098-016-V

PDF File Manual, 285 pages

15. Advanced Configuration
15.6.8 SDT Connector Public Key Authentication
SDT Connector can authenticate against a console server using your SSH key pair rather than requiring you to enter your password (i.e., public key authentication).
• To use public key authentication with SDT Connector, first create an RSA or DSA key pair (using ssh-keygen, PuTTYgen or a similar tool) and add the public part of your SSH key pair to the console server.
• Next, add the private part of your SSH key pair (this file is typically named id_rsa or id_dsa) to the SDT Connector client. Click Edit: Preferences: Private Keys: Add, locate the private key file and click OK. You do not have to add the public part of your SSH key pair; it is calculated from the private key.
SDT Connector will now use public key authentication when connecting over SSH via the console server. You may have to restart SDT Connector to shut down any existing tunnels that were established using password authentication.
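As an added example (not from the manual): a shell check that the public key installed on the console server and the private key loaded into SDT Connector belong to the same pair, relying on the fact stated above that the public part is calculated from the private key. The function names and the demo key file names are assumptions; it needs only ssh-keygen and awk.

```shell
#!/bin/sh
# Added example, not from the manual. Key file names are constructed.

# Public key (type and base64 body) calculated from a private key file.
# Prints nothing if the private key cannot be read.
derive_pub() {
    ssh-keygen -y -f "$1" | awk '{print $1, $2}'
}

# Exit status 0 only if public key file $2 belongs to private key $1.
pubkey_matches() {
    derived=$(derive_pub "$1")
    stored=$(awk '{print $1, $2}' "$2")
    [ -n "$derived" ] && [ "$derived" = "$stored" ]
}

# SHA-256 fingerprint of a key file, for comparing against the key
# that was added to the console server.
fingerprint() {
    ssh-keygen -l -E sha256 -f "$1" | awk '{print $2}'
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample keys, no passphrase so the demo runs unattended.
    ssh-keygen -q -t rsa -b 3072 -N "" -C demo-a -f "$dir/id_rsa"
    ssh-keygen -q -t rsa -b 3072 -N "" -C demo-b -f "$dir/other_rsa"
    pubkey_matches "$dir/id_rsa" "$dir/id_rsa.pub" \
        && echo "id_rsa.pub: matches id_rsa"
    pubkey_matches "$dir/id_rsa" "$dir/other_rsa.pub" \
        || echo "other_rsa.pub: does NOT match id_rsa"
    echo "fingerprint: $(fingerprint "$dir/id_rsa.pub")"
    rm -rf "$dir"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run the script with --demo to see a matching and a non-matching pair; if the private key has a passphrase, ssh-keygen prompts for it.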
If you have a host behind the console server that you connect to by clicking the SSH button in SDT Connector, you can also configure it for public key authentication. Essentially, what you are using is SSH over SSH. The two SSH connections are entirely separate, and the host configuration is entirely independent of SDT Connector and the console server. You must configure the SSH client that SDT Connector launches (e.g., PuTTY, OpenSSH) and the host's SSH server for public key authentication.
15.7 Secure Sockets Layer (SSL) Support
Secure Sockets Layer (SSL) is a protocol developed by Netscape for transmitting private documents via the Internet. SSL
works by using a private key to encrypt data transferred over the SSL connection.
The console server includes OpenSSL. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade,
full-featured and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols, as well as a full-strength general-purpose cryptography library. The project is managed by a worldwide community of
volunteers that use the Internet to communicate, plan and develop the OpenSSL toolkit and its related documentation.
OpenSSL is based on the SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under
an Apache-style license, which means you are free to get and use it for commercial and non-commercial purposes subject
to some simple license conditions. In the console server, OpenSSL is used primarily in conjunction with HTTP to provide
secure browser access to the GUI management console across insecure networks.
More documentation on OpenSSL is available at:
http://www.openssl.org/docs/apps/openssl.html
http://www.openssl.org/docs/HOWTO/certificates.txt
15.8 HTTPS
The management console UI is served over HTTPS by the built-in Cherokee web server.
If your default network address is changed or the unit is to be accessed using a known domain name, you can use the
following steps to replace the default SSL certificate and private key with those tailored for your new address.
15.8.1 Generating an Encryption Key
To create a 1024-bit RSA key with a password, issue the following command on the Linux host command line with the openssl
utility installed:
openssl genrsa -des3 -out ssl_key.pem 1024