Black Box 1101 Marine Safety Devices User Manual


 
1101 and 1102 Secure Device Servers
724-746-5500 | blackbox.com
152
If the host key has been legitimately changed, it can be removed from the ~/.ssh/known_hosts file and the new fingerprint added. If it has not
changed, this indicates a serious problem that should be investigated immediately.
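The decision described above, sketched as an added example (not code from the Black Box manual): it looks up a presented host key in known_hosts text, including hashed host entries, and accepts a changed key only when its fingerprint equals one obtained out of band. The host name, addresses, keys and function names are constructed for illustration; the sample uses an ssh-ed25519 blob for brevity, and the same checks apply to whichever key type the console server presents.

```python
import base64, hashlib, hmac, struct

def fingerprint(key_b64):
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(pattern, host):
    """Match a known_hosts host field: exact names, or a hashed |1|salt|hash entry."""
    if pattern.startswith("|1|"):
        _, _, salt, digest = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return host in pattern.split(",")  # wildcards and [host]:port forms not handled

def check_host_key(known_hosts_text, host, keytype, key_b64):
    """Return 'match', 'changed' or 'unknown' for the key a server presented."""
    seen = False
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@":
            continue  # comments and @cert-authority/@revoked lines are skipped here
        if fields[1] == keytype and host_matches(fields[0], host):
            if fields[2] == key_b64:
                return "match"
            seen = True
    return "changed" if seen else "unknown"

def triage(known_hosts_text, host, keytype, key_b64, trusted_fp=None):
    """Accept a changed or new key only if it equals a fingerprint obtained out of band."""
    state = check_host_key(known_hosts_text, host, keytype, key_b64)
    if state == "match":
        return "ok"
    if trusted_fp is not None and fingerprint(key_b64) == trusted_fp:
        return "replace-entry" if state == "changed" else "add-entry"
    return "investigate" if state == "changed" else "verify-first"

def _blob(seed):
    """Constructed ssh-ed25519 key blob (sample data, not a real host key)."""
    name = b"ssh-ed25519"
    key = hashlib.sha256(seed).digest()
    return base64.b64encode(struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + key).decode()

OLD_KEY, NEW_KEY = _blob(b"old"), _blob(b"new")
SALT = b"constructed-salt-20b"
HASHED = "|1|%s|%s" % (base64.b64encode(SALT).decode(),
    base64.b64encode(hmac.new(SALT, b"192.0.2.11", hashlib.sha1).digest()).decode())
KNOWN_HOSTS = "console-a,192.0.2.10 ssh-ed25519 %s\n%s ssh-ed25519 %s\n" % (OLD_KEY, HASHED, OLD_KEY)

if __name__ == "__main__":
    print(triage(KNOWN_HOSTS, "192.0.2.11", "ssh-ed25519", NEW_KEY))
```

A result of `replace-entry` corresponds to removing the old line from ~/.ssh/known_hosts and adding the new key; `investigate` is the case the manual says to look into immediately.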
 
You have the option to apply SSH tunneling when two Black Box console servers are configured for serial bridging.
Figure 15-4. SSH tunneling and bridging.
As detailed in Chapter 5, the Server console server is set up in Console server mode with either RAW or RFC2217 enabled, and the Client console
server is set up in Serial Bridging Mode with the Server Address and Server TCP Port (4000 + port # for RAW or 5000 + port # for RFC2217) specified.
Select SSH Tunnel when configuring the Serial Bridging Setting.
Figure 15-5. Serial bridge settings.
Next, you will need to set up SSH keys for each end of the tunnel and upload these keys to the Server and Client console servers.
Client Keys:
The first step in setting up SSH tunnels is to generate keys. Ideally, you will use a separate, secure machine to generate and store all keys to be used
on the console servers. If this is not ideal for your situation, keys may be generated on the console servers themselves.
It is possible to generate only one set of keys, and reuse them for every SSH session. While we do not recommend this, each organization will need
to balance the security of separate keys against the additional administration they bring.
Generated keys may be one of two types—RSA or DSA (and it is beyond the scope of this document to recommend one over the other). RSA keys
will go into the files id_rsa and id_rsa.pub. DSA keys will be stored in the files id_dsa and id_dsa.pub.
For simplicity going forward, the term private key will be used to refer to either id_rsa or id_dsa and public key to refer to either id_rsa.pub or
id_dsa.pub.
[Figure 15-4 diagram labels: serially connected device (for example, security appliance); COM port connected control PC; Ethernet LAN; LES1101A; LES1101A]