Table of Contents
Advertisement
Controlling Access to Services
60
Password Protection
To configure simple password authentication for an SSH user, no
SSH-specific configuration is required. Simply configure a user by entering
the following commands:
set user name=name password=on
newpass name=name
where name is a user name
Example:
set user name=ssh-user1
newpass name=ssh-user1
Using a Public Key
To enable public key authentication and to associate a public key with a
user, enter the following command:
set user name=name loadkey=host:key
where
•
name is the name of a user
•
host is either an IP address or DNS name of a host running TFTP
that holds
•
key is the name of a file that contains the DSA public key. If your
host's implementation requires a complete path to the file, specify
the path here as well.
Example:
set user name=secure loadkey=143.191.2.34:ssh-file
Making Reverse SSH Connections to Ports
The convention used to identify a port for a reverse SSH connection to a
Digi device is to use 2500 + the port number. See the examples that follow
for more information.
Example: Reverse SSH Connection to Port 1
ssh 192.1.2.3 2501
Example: Reverse SSH Connection to Port 4
ssh 192.1.2.3 2504
This section describes how to disable services, such as Telnet and Rlogin,
for inbound users, which means that they cannot access the Digi device
using those services. This feature allows you to turn off individual services
or to specify a security level, which means that all services not included in
that level are turned off.
Services that Can Be Turned Off
The following services can be turned off.
•
HTTP
Chapter 12 Configuring Security Features
Advertisement
Table of Contents
