SCS1600/3200 User Guide
4: Application Setup
Forming an SSH Connection to a Port
% ssh -p2202 (hostname or IP)
Security Enhancements
This section describes methods for increasing the security of the SCS.
Incoming Security
You can make the SCS into a highly secure host by turning off the FTP and HTTP
services using the command:
Set/Define Proto [ HTTP | FTP ] [Enabled | Disabled]
Note:
The web interface will no longer be available.
You can further restrict access to only SSH connections to the SCS command line and
serial ports, using the following command:
Set/Define Server Incoming Secure
The
Server Incoming Secure
command disallows unsecure Telnet and TCP connection
attempts. Access is through SSH only.
Port User Restrictions
You can constrain user access to specific ports on the SCS using the
Set/Def
Authentication User
command. This command currently only affects users
authenticated against the local SCS database.
To reject network connections to ports not on a user’s port target list, use the command:
Set/Define Authentication User <username> Port Target <portlist>
To reject serial logins to ports not on a user’s port list, use the command:
Set/Define Authentication User <username> Port Serial <portlist>
To show the user's current port restrictions, use the command:
Show Authentication User <username>
To reset the permissions back to the default, use the command:
Set/Define Authentication User <username> Port Factory
4-18