Filter
Top Products
Chapter 15: Advanced Configuration
724-746-5500 | blackbox.com
151
Use WinSCP to copy this "authorized_keys" file into the users home directory: e.g. /etc/config/users/testuser/.ssh/authorized_keys of the Black Box
gateway which will be the SSH server. You will need to make sure this file is in the correct format with the correct permissions with the following
commands:
# dos2unix \
/etc/config/users/testuser/.ssh/authorized_keys && chown testuser \
/etc/config/users/testuser/.ssh/authorized_keys
Using WinSCP copy the attached sshd_config over /etc/config/sshd_config on the server (Makes sure public key authentication is enabled).
Test the Public Key by logging in as "testuser" to the client Black Box device and typing (you should not need to enter anything): # ssh -o
StrictHostKeyChecking=no <server-ip>
To automate connection of the SSH tunnel from the client on every power-up you need to make the clients /etc/config/rc.local look like the
following:
#!/bin/sh
ssh -L9001:127.0.0.1:4001 -N -o StrictHostKeyChecking=no testuser@<server-ip> &
This will run the tunnel redirecting local port 9001 to the server port 4001.
Fingerprints are used to ensure you are establishing an SSH session to who you think you are. On the first connection to a remote server you will
receive a fingerprint that you can use on future connections.
This fingerprint is related to the host key of the remote server. Fingerprints are stored in ~/.ssh/known_hosts.
To receive the fingerprint from the remote server, log in to the client as the required user (usually root) and establish a connection to the remote
host:
# ssh remhost
The authenticity of host 'remhost (192.168.0.1)' can't be established.
RSA key fingerprint is 8d:11:e0:7e:8a:6f:ad:f1:94:0f:93:fc:7c:e6:ef:56.
Are you sure you want to continue connecting (yes/no)?
At this stage, answer yes to accept the key. You should get the following message:
Warning: Permanently added 'remhost,192.168.0.1' (RSA) to the list of known hosts.
You may be prompted for a password, but there is no need to log in— you have received the fingerprint and can Ctrl-C to cancel the connection. If
the host key changes you will receive the following warning, and not be allowed to connect to the remote host:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!@
@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
ab:7e:33:bd:85:50:5a:43:0b:e0:bd:43:3f:1c:a5:f8.
Please contact your system Administrator.
Add correct host key in /.ssh/known_hosts to get rid of this message.
Offending key in /.ssh/known_hosts:1
RSA host key for remhost has changed and you have requested strict checking.
Host key verification failed.