
36 BSGX4e Business Gateway User Guide
NN47928-102 Release 01.01
SSH Server
This section describes how to configure the Secure Shell (SSH) server. The SSH server
enables secure remote access to the BSGX4e device over an insecure network, such
as the Internet. SSH version 2 is supported.
SSH use requires the following:
- The workstation on the WAN or LAN must provide an SSH client (for example,
  PuTTY or SSH secure shell).
As initially configured, the SSH server in the unit is enabled, and the firewall
allows SSH access from the WAN.
If the initial unit configuration is changed, the following reconfiguration can be
required:
- For SSH access from the WAN, the firewall must allow SSH traffic terminating at
  the BSGX4e device. This requires a security policy for TCP traffic to the SSH port.
  (The default SSH port is port 22.) For more information about security policies,
  see “Firewall Security Policies” (page 130).
- The SSH server on the unit must be configured and enabled as described in the
  section “SSH Configuration Command” (page 36).
Digital Signature Algorithm (DSA) Host Keys
The SSH server uses a set of 640-bit DSA host keys (one public, one private) for data
encryption. It stores one set of keys on the file system (/cf0sys/ssh). A randomly
seeded algorithm generates an initial set of host keys the first time that the BSGX4e
device is started. The SSH server uses this set of host keys to identify itself when an
SSH client connects. Regenerate new host keys by using the parameter hostkeys on
the config service ssh command.
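The following is an added example, not part of the guide or the vendor's software: Python that parses an ssh-dss host key line in the layout ssh-keyscan prints, and reports the DSA modulus size and the SHA256 fingerprint, so an administrator can record the key the device presents and recognize the change after the hostkeys parameter regenerates it. The sample key is built from constructed placeholder integers, the address 192.0.2.10 is a documentation address, and the 1024-bit minimum is an assumed policy value.

```python
import base64
import hashlib
import struct

def _field(data: bytes) -> bytes:  # length-prefixed SSH string (RFC 4251)
    return struct.pack(">I", len(data)) + data

def _mpint(n: int) -> bytes:  # positive mpint, sized so the top bit stays clear
    return _field(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def constructed_sample_line() -> str:
    # Constructed placeholders, not a real key: 640-bit p as in the guide, 160-bit q assumed.
    p, q, g, y = (1 << 639) | 1, (1 << 159) | 1, 2, 3
    blob = _field(b"ssh-dss") + b"".join(_mpint(v) for v in (p, q, g, y))
    return "192.0.2.10 ssh-dss " + base64.b64encode(blob).decode()

def read_fields(blob: bytes) -> list:
    """Split a public key blob into its length-prefixed fields, rejecting truncation."""
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + n > len(blob):
            raise ValueError("field runs past end of key blob")
        fields.append(blob[off:off + n])
        off += n
    return fields

def audit_host_key(line: str, min_dsa_bits: int = 1024) -> dict:
    """Audit one '<host> <keytype> <base64>' line (the layout ssh-keyscan prints)."""
    host, keytype, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    fields = read_fields(blob)
    if not fields or fields[0] != keytype.encode():
        raise ValueError("key type inside the blob does not match the line")
    digest = hashlib.sha256(blob).digest()
    report = {"host": host, "type": keytype,
              "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("=")}
    if keytype == "ssh-dss":
        if len(fields) != 5:
            raise ValueError("ssh-dss blob must hold type, p, q, g, y")
        report["p_bits"] = int.from_bytes(fields[1], "big").bit_length()
        report["below_policy"] = report["p_bits"] < min_dsa_bits  # assumed threshold
    return report

if __name__ == "__main__":
    print(audit_host_key(constructed_sample_line()))
```

Comparing the reported fingerprint with the value recorded at installation, before accepting the host key in the SSH client, ties the client's trust to the key pair stored on the device.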
After a secure connection is established between the SSH server and a client, the
client attempts authentication. The SSH server supports password, keyboard, and
publickey authentication.
- When both password and keyboard authentication are requested, the user
  must supply a username and password.
- To use publickey authentication, files containing the public key of the
  SSH client must be uploaded to the device in the directory:
  /cf0sys/id_<username>.pub.
After the SSH client is authenticated, it requests an SSH secure remote logon.
SSH Configuration Command
To change the SSH configuration, enter the following command:
> config service ssh
Table 5 describes the parameters for config service ssh.