====================================================================
Cyclades-TS
Appendix A - New User Background Information

Ssh is a command interface and protocol often used by network administrators to connect securely to a remote computer. Ssh replaces its non-secure counterparts rsh and rlogin. There are two versions of the protocol, ssh and ssh2. The Cyclades-TS offers both.

The command to start an ssh client session from a UNIX workstation is:

    cyclades: ~break ssh -t @
    = :ttySnn or :socket_port or :ip_addr or :serverfarm

Note: serverfarm is a physical port alias. It can be configured in the file pslave.conf.

An example:

    username: cyclades
    TS1000 IP address: 192.168.160.1
    host name: ts1000
    servername for port 1: file_server

ttyS1 is addressed by IP 10.0.0.1 or socket port 7001. The various ways to access the server connected to the port are:

    telnet ts1000 7001
    ssh -t USERNAME:ttyS1@ts1000
    ssh -t cyclades:ttyS1@ts1000
    ssh -t USERNAME:PORT@CYCLADES_TERM_SRVR
    ssh -t cyclades:7001@ts1000
    ssh -t cyclades:10.0.0.1@ts1000
    ssh -t cyclades:file_server@ts1000
    ssh -t -l cyclades:10.0.0.1 ts1000
    ssh -t -l cyclades:7001 ts1000

For openssh clients version 3.1p1 or later, ssh2 is the default. In that case, the -1 flag is used for ssh1.
    ssh -t cyclades:7001@ts1000
        (openssh earlier than 3.1p1 - Cyclades-TS V_1.3.1 and earlier -> ssh1 will be used)
    ssh -t -2 cyclades:7001@ts1000
        (openssh earlier than 3.1p1 - Cyclades-TS V_1.3.1 and earlier -> ssh2 will be used)
    ssh -t cyclades:7001@ts1000
        (openssh 3.1p1 or later - Cyclades-TS V_1.3.2 or later/AlterPath Console Server version 2.1.0 or later -> ssh2 will be used)
    ssh -t -1 cyclades:7001@ts1000
        (openssh 3.1p1 or later - Cyclades-TS V_1.3.2 or later/AlterPath Console Server version 2.1.0 or later -> ssh1 will be used)

To log in to a port that does not require authentication, the username is not necessary:

    ssh -t -2 :ttyS1@ts1000

Note: In this case, the file sshd_config must be changed in the following way:

    PermitRootLogin Yes
    PermitEmptyPasswords Yes

Configuring sshd's client authentication using SSH Protocol version 1

Step 1: Only RhostsAuthentication yes in sshd_config.

    One of these:
    - hostname or ipaddress in /etc/hosts.equiv or /etc/ssh/shosts.equiv
    - hostname or ipaddress and username in ~/.rhosts or ~/.shosts, and IgnoreRhosts no in sshd_config

    Client start-up command: ssh -t (if the ssh client is running under a session belonging to a username present both in the workstation's database and the TS's database).

    Client start-up command: ssh -t -l (if the ssh client is running under a session belonging to a username present only in the workstation's database. In this case, the indicated username would have to be a username present in the TS's database).

Step 2: Only RhostsRSAAuthentication yes in sshd_config.

    One of the RhostsAuthentication settings, described in Step 1.

    Client machine's host key ($ETC/ssh_host_key.pub) copied into the TS's /tmp/known_hosts file. The client hostname plus the information inside this file must be appended in one single line inside the file /etc/ssh/ssh_known_hosts or ~/.ssh/known_hosts, and IgnoreUserKnownHosts no inside sshd_config. The following commands can be used, for example:

        echo -n "client_hostname " >> /etc/ssh/ssh_known_hosts    (or ~/.ssh/known_hosts)
        cat /tmp/known_hosts >> /etc/ssh/ssh_known_hosts          (or ~/.ssh/known_hosts)

    Client start-up command: ssh -t

    Note: For security reasons, some ssh clients do not allow just this type of authentication. To access the serial port, the TS must be configured for local authentication. No root user should be used as username.

Step 3: Only RSAAuthentication yes in sshd_config.

    Removal of the TS's *.equiv, ~/.?hosts, and *known_hosts files.

    Client identity created by ssh-keygen and its public part (~/.ssh/identity.pub) copied into the TS's ~/.ssh/authorized_keys.

    Client start-up command: ssh -t .

Step 4: Only PasswordAuthentication yes in sshd_config.

    Removal of the TS's *.equiv, ~/.?hosts, *known_hosts, and *authorized_keys files.

    Client start-up command: ssh -t -l or ssh -t -l .

Configuring sshd's client authentication using SSH Protocol version 2

Only PasswordAuthentication yes in sshd_config. DSA Authentication is the default. (Make sure the parameter PubkeyAuthentication is enabled.) Client DSA identity created by ssh-keygen -d and its public part (~/.ssh/id_dsa.pub) copied into the TS's ~/.ssh/authorized_keys2 file.

Note: client_hostname should be the DNS name. To access the serial port, the TS must be configured for local authentication. No root user should be used as username.

Password Authentication is performed if the DSA key is not known to the TS.

Client start-up command: ssh -2 -t .

Note: All files ~/* or ~/.ssh/* must be owned by the user and be read-only for others. All files created or updated must have their full path and file name inside the file config_files, and the command saveconf must be executed before rebooting the TS.
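
Several of the sshd_config settings in the steps above widen who can log in, so it helps to verify which ones are actually active after editing the file. The following is an added example, not part of the Cyclades guide or its software: it parses sshd_config text and reports which of the authentication methods and permissive options named in this section are explicitly set. The function names and the sample configuration are constructed for illustration, and a configuration without Match blocks is assumed.

```python
# Added example (not Cyclades code): audit sshd_config text for the settings
# this section turns on. Only explicitly set keywords are reported.
RISKY = {  # keyword (lower case) -> (flagged value, reason)
    "rhostsauthentication": ("yes", "login on hosts.equiv/.rhosts trust alone"),
    "rhostsrsaauthentication": ("yes", "rhosts trust plus client host key"),
    "ignorerhosts": ("no", "per-user ~/.rhosts and ~/.shosts are honoured"),
    "permitemptypasswords": ("yes", "empty-password accounts can log in"),
    "permitrootlogin": ("yes", "root can log in directly"),
}
METHODS = ("rhostsauthentication", "rhostsrsaauthentication",
           "rsaauthentication", "pubkeyauthentication",
           "passwordauthentication")

def parse_sshd_config(text):
    """Return {keyword: value}. Keywords are case-insensitive and, as in
    sshd_config(5), the first value given for a keyword is the one used."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip().lower())
    return settings

def audit(text):
    """Return (enabled auth methods, [(keyword, reason), ...])."""
    cfg = parse_sshd_config(text)
    enabled = [m for m in METHODS if cfg.get(m) == "yes"]
    findings = [(k, why) for k, (bad, why) in RISKY.items() if cfg.get(k) == bad]
    if "1" in cfg.get("protocol", "").replace(" ", "").split(","):
        findings.append(("protocol", "SSH protocol version 1 is accepted"))
    return enabled, findings

# Constructed sample: the no-authentication port settings plus Step 1.
SAMPLE = """\
Protocol 2,1
PermitRootLogin Yes
PermitEmptyPasswords Yes
RhostsAuthentication yes
IgnoreRhosts no
PasswordAuthentication no
PermitRootLogin no
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The second PermitRootLogin line in the sample is ignored because the first value wins, so a later "no" does not undo an earlier "Yes".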
====================================================================
Table 24: Cables and their pin specifications

RS-232   Name/Function               DB-25 pins   DB-9 pins    RJ-45 pins
Signal   (Input/Output)              (Standard)   (Standard)   (Cyclades)
-------  --------------------------  -----------  -----------  ----------
Chassis  Safety Ground               1            Shell        Shell
TxD      Transmit Data (O)           2            3            3
RxD      Receive Data (I)            3            2            6
DTR      Data Terminal Ready (O)     20           4            2
DSR      Data Set Ready (I)          6            6            8
DCD      Data Carrier Detect (I)     8            1            7
RTS      Request To Send (O)         4            7            1
CTS      Clear To Send (I)           5            8            5
Gnd      Signal Ground               7            5            4
====================================================================