RTM3205 User Manual
CHAPTER FIVE
SECURITY
Should you need to replace your keys at any time, you can just remove the keys from the /boot/etc/ssh directory and then reboot RTM3205. A new set of host keys will automatically be generated.
To configure root logins to your RTM3205 via passwordless, public key authentication, you must generate a public/private pair of SSH2 keys using your own ssh key generating utility, or you can use the ssh-keygen that is resident on the RTM3205 file system. You must then append the public key to the /boot/root/.ssh/authorized_keys file in the non-volatile FLASH area on your RTM3205. At boot time, RTM3205 will copy these to the actual working /root/.ssh directory of the system ramdisk. To use this capability, the corresponding private key must reside in the /root/.ssh directory of your remote computer as id_rsa or id_dsa. If you are unfamiliar with this process, refer to the man page for the ssh-keygen utility for details (issue man ssh-keygen at the prompt). (Be careful to maintain the proper ownership and access permissions of the private key by using cp -p when copying the file. It MUST be readable only by root.)
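The public-key staging step described above, as an added shell example that is not part of the RTM3205 manual: it appends a key to authorized_keys only once, refuses a file that contains a private key, and checks that the result grants nothing to group or other. The function names and the AUTH_KEYS variable are assumptions, and the sample key line is constructed.

```shell
#!/bin/sh
# Added example, not from the RTM3205 manual.
# AUTH_KEYS defaults to the FLASH path the manual names; override for a dry run.
AUTH_KEYS="${AUTH_KEYS:-/boot/root/.ssh/authorized_keys}"

# True only if the path exists and grants nothing to group or other
# (characters 5-10 of the ls mode string are all '-').
owner_only() {
    [ -e "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Append the one-line public key in $1 to AUTH_KEYS unless that exact line
# is already there, keeping the directory at 700 and the file at 600.
install_pubkey() {
    pubfile=$1
    [ -s "$pubfile" ] || { echo "no key in $pubfile" >&2; return 1; }
    # A private key must never be pasted into authorized_keys.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "$pubfile holds a private key; refusing" >&2
        return 1
    fi
    dir=$(dirname "$AUTH_KEYS")
    ( umask 077; mkdir -p "$dir" && touch "$AUTH_KEYS" ) || return 1
    chmod 700 "$dir" && chmod 600 "$AUTH_KEYS" || return 1
    key=$(head -n 1 "$pubfile")
    grep -qxF -- "$key" "$AUTH_KEYS" || printf '%s\n' "$key" >> "$AUTH_KEYS"
}

# Dry run in a scratch directory with a constructed (not real) key line.
# Runs in a subshell so the AUTH_KEYS override does not leak.
demo() (
    tmp=$(mktemp -d) || exit 1
    AUTH_KEYS="$tmp/boot/root/.ssh/authorized_keys"
    printf 'ssh-rsa AAAAB3CONSTRUCTED admin@workstation\n' > "$tmp/id_rsa.pub"
    install_pubkey "$tmp/id_rsa.pub" && install_pubkey "$tmp/id_rsa.pub"
    echo "entries: $(grep -c . "$AUTH_KEYS")"
    owner_only "$AUTH_KEYS" && echo "authorized_keys is owner-only"
    rm -rf "$tmp"
)
demo
```

owner_only inspects mode bits only; confirming that the file is owned by root is a separate check.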
Advanced users wishing to modify the overall configuration of the sshd daemon should edit the /etc/ssh/sshd_config file and then copy it to the /boot/etc/ssh directory of RTM3205. Be careful to maintain the proper ownership and access permissions by using cp -p when copying the file. At boot time, it will be copied to the /etc/ssh directory of the system ramdisk, thereby replacing the factory default configuration file.
HTTPS
The HTTPS server in RTM3205 is built from the standard Apache version 2.4.10 distribution from:
It uses HTTPS (HTTP over SSL) with mod_ssl (the Apache interface to OpenSSL). For more information about this protocol, refer to:
NOTE: To disable the HTTPS protocol see Disable SNMP, SSH and HTTPS above. To restrict access see Restrict Access - HTTPS above.
HTTPS and SSL use files for the default configuration located in /etc/httpd. Of these, you will typically only need to modify httpd.conf. Advanced users who need to modify the default configuration will need to edit the file and copy it to the /boot/etc/httpd directory. Do not attempt to change the directives unless you have a real need to do so. (See Appendix C - Helpful Linux Information, Using Editors above.)
Configure Certificate and Key
For SSL it is recommended, but not required, that new certificates and keys are generated and installed on the Apache web server with mod_ssl. The factory configured, self-signed certificate is located in /etc/httpd/server.crt, and the key in /etc/httpd/server.key. After creating new certificates and private keys, they will need to be saved in /boot/etc/httpd/server.crt and /boot/etc/httpd/server.key. To generate a new certificate and key, issue these commands: