Meridian II User Manual
Chapter Five: Security
Configure Keys
On initial boot-up from out-of-the-box, the SSH start-up script, /etc/rc.d/rc.sshd, will detect that no keys are present in the /etc/ssh directory. It will call ssh-keygen to generate a set of host keys and then it will copy them to the /boot/etc/ssh directory. These will be copied to /etc/ssh during each boot up. A complete set of security keys for both SSH1 and SSH2 versions of the protocol is generated. RSA keys are supported by both versions, and DSA keys are supported when using the SSH2 version. Should you need to replace your keys at any time, you can just remove the keys from the /boot/etc/ssh directory and then reboot Meridian II. A new set of host keys will automatically be generated.
To configure root logins to your Meridian II via passwordless, public key authentication, you must generate a public/private pair of SSH2 keys using your own ssh key generating utility, or you can use the ssh-keygen utility that is resident on the Meridian II file system. You must then append the public key to the /boot/root/.ssh/authorized_keys2 file in the non-volatile FLASH area on your Meridian II. At boot time, Meridian II will copy these to the actual working /root/.ssh directory of the system ramdisk. To use this capability, the corresponding private key must reside in the /root/.ssh directory of your remote computer as id_rsa or id_dsa. If you are unfamiliar with this process, refer to the man page for the ssh-keygen utility for details (issue man ssh-keygen at the prompt). (Be careful to maintain the proper ownership and access permissions of the private key by using cp -p when copying the file. It MUST be readable only by root.)
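The key-installation and permission steps above, as an added shell example that is not part of the Meridian II manual. The function names are hypothetical, and the 700/600 modes set on the .ssh directory and authorized_keys2 file are the conventional OpenSSH values, an assumption the manual does not state.

```shell
#!/bin/sh
# Added example; function names are hypothetical, paths are the manual's.
# Assumes a stat that supports -c (GNU coreutils or BusyBox).
AUTH_KEYS=/boot/root/.ssh/authorized_keys2   # non-volatile FLASH copy

# Succeed only if FILE is owned by uid OWNER (default 0, root) and grants
# nothing to group or other, as required for the private key.
key_is_private() {
    file=$1; owner=${2:-0}
    [ -f "$file" ] || return 1
    [ "$(stat -c %u "$file")" = "$owner" ] || return 1
    case $(stat -c %a "$file") in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Append the one-line SSH2 public key in PUB to AUTH unless already present.
# Refuses multi-line input (e.g. a private key) and non-RSA/DSA key types.
install_pubkey() {
    pub=$1; auth=${2:-$AUTH_KEYS}
    [ "$(grep -c '' "$pub" 2>/dev/null)" = 1 ] ||
        { echo "expected exactly one key line in $pub" >&2; return 2; }
    grep -Eq '^ssh-(rsa|dss) [A-Za-z0-9+/]+=*( .*)?$' "$pub" ||
        { echo "not an ssh-rsa/ssh-dss public key: $pub" >&2; return 2; }
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    key=$(cut -d' ' -f1,2 "$pub")             # type + blob, comment ignored
    grep -qF -- "$key" "$auth" && return 0    # idempotent: already installed
    printf '%s\n' "$(cat "$pub")" >> "$auth"  # always newline-terminated
}

# Typical use on the unit, then reboot so /root/.ssh is refreshed:
#   install_pubkey /tmp/id_rsa.pub
# On the remote computer, before connecting:
#   key_is_private /root/.ssh/id_rsa || chmod 600 /root/.ssh/id_rsa
```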
Advanced users wishing to modify the overall configuration of the sshd daemon should edit the /etc/ssh/sshd_config file and then copy it to the /boot/etc/ssh directory of Meridian II. Be careful to maintain the proper ownership and access permissions by using cp -p when copying the file. At boot time, it will be copied to the /etc/ssh directory of the system ramdisk, thereby replacing the factory default configuration file.
HTTPS
The HTTPS server in Meridian II is built from the standard Apache version 2.4.10 distribution from:
It uses HTTPS (HTTP over SSL) with mod_ssl (the Apache interface to OpenSSL). For more information about this protocol, refer to:
NOTE: To disable the HTTPS protocol see Disable SNMP, SSH and HTTPS above. To restrict access see Restrict Access - HTTPS above.
HTTPS and SSL use files for the default configuration located in /etc/httpd. Of these, you will typically only need to modify httpd.conf. Advanced users who need to modify the default configuration will need to edit the file and copy it to the /boot/etc/httpd directory. Do not attempt to change the directives unless you have a real need to do so. (See Appendix C - Helpful Linux Information, Using Editors above.)