RTM3205 User Manual
CHAPTER FIVE
SECURITY
Reboot RTM3205 when done for the changes to take effect.
Is the Protocol Disabled?
Telnet, TIME and DAYTIME: To determine if one of these protocols is disabled, use the inetdconfig command.
SNMP, SSH and HTTPS: To determine if one of these protocols is disabled, issue the following
command:
ls -l /boot/etc/rc.d
If you see one of the following files listed, and there is NOT an ‘*’ after the file name, then the corresponding protocol is disabled:
-rw-r--r-- 1 root root 1144 Feb 19 01:52 rc.httpd
-rw-r--r-- 1 root root 1168 Oct 26 2012 rc.snmpd
-rw-r--r-- 1 root root 2684 Feb 18 02:16 rc.sshd
If rc.httpd, rc.snmpd, or rc.sshd is not listed, or it is listed and there is an ‘*’ after the file name, then the protocol is enabled. Here is an example:
-rwxr-xr-x 1 root root 1168 Oct 26 2012 rc.snmpd*
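The rule above can be applied to all three scripts in one pass. This is an added example, not part of the RTM3205 manual: the function names are assumptions, and the demo directory is constructed to mirror the listings above.

```shell
#!/bin/sh
# Added example (not from the manual). Applies the manual's rule:
#   script listed but NOT executable (no '*')        -> protocol disabled
#   script executable ('*') or not listed at all     -> protocol enabled
# Run as root, as the manual's listing does, so -x reflects the mode bits.

# proto_state DIR SCRIPT -> prints "disabled" or "enabled"
proto_state() {
    dir=$1; script=$2
    if [ -f "$dir/$script" ] && [ ! -x "$dir/$script" ]; then
        echo disabled
    else
        echo enabled
    fi
}

# audit_protocols [DIR] -> one "PROTOCOL script state" line per service
audit_protocols() {
    dir=${1:-/boot/etc/rc.d}
    for pair in HTTPS:rc.httpd SNMP:rc.snmpd SSH:rc.sshd; do
        name=${pair%%:*}; script=${pair#*:}
        printf '%s %s %s\n' "$name" "$script" "$(proto_state "$dir" "$script")"
    done
}

# Demo on a constructed directory (not a real unit): HTTPS disabled,
# SNMP enabled via the execute bit, SSH script absent (enabled per the rule).
demo=$(mktemp -d)
touch "$demo/rc.httpd" "$demo/rc.snmpd"
chmod 644 "$demo/rc.httpd"
chmod 755 "$demo/rc.snmpd"
audit_protocols "$demo"
rm -rf "$demo"
```

On a unit, call `audit_protocols` with no argument to check /boot/etc/rc.d.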
OpenSSH
The secure shell protocol server running in RTM3205 is based on the portable OpenSSH for Linux.
As such it supports both SSH1 and SSH2 protocol versions. By default, only SSH2 is enabled in
RTM3205 due to security issues with SSH1. For more information about OpenSSH, and to obtain
client software, refer to the OpenSSH website:
An excellent book which describes operation and configuration of the various SSH implementations, including OpenSSH, is:
SSH, The Secure Shell, Barrett & Silverman, O’Reilly & Associates, 2001.
NOTE: To disable the SSH protocol see Disable SNMP, SSH and HTTPS above. To restrict access see Restrict Access - Telnet, SSH and SNMP above.
Configure Keys
On initial boot-up from out-of-the-box, the SSH start-up script, /etc/rc.d/rc.sshd, will detect that no keys are present in the /etc/ssh directory. It will call ssh-keygen to generate a set of host keys and then it will copy them to the /boot/etc/ssh directory. These will be copied to /etc/ssh during each boot up. A complete set of security keys for both SSH1 and SSH2 versions of the protocol is generated. RSA keys are supported by both versions, and DSA keys are supported when using the SSH2 version.