Lightwave Communications SCS1620 Product Manual Download Page 22 | Manualshive

Page: 22 / 98

background image

SCS1620 Product Manual

Lightwave Communications

Page

22

www.lightwavecom.com

5.1.2 Logging

Out

To log out from a session, enter the command

logout

logout

logout

logout

. If logging out from a

network session, the Console Server will disconnect the telnet session. If logging
out from a direct serial session, the SCS1620 returns to the

login:

login:

login:

login:

prompt.

When you are done with any programming changes, you should always log out.

5.2 Security

and

Passwords

The SCS1620 uses Linux / UNIX commands to administer the system. The
System Administrator (

sysadmin

) and the Users access the system using a shell

interface, which limits what the user or sysadmin will affect in the operating
system. Those that are familiar with Linux realize that there are numerous
commands and files that are not discussed in this manual (intentionally). Some of
the SCS1620's options (e.g., ssh, LDAP) interact with operating system directly.

The shell is designed to offer the appropriate level of administration while
maintaining the integrity of the system. This can be defeated if the sysadmin
does not protect the system by changing the passwords upon installation. The
system's default values are configured to minimize security issues, however, as
features are turned on by the sysadmin, more potential security holes open up.

The sysadmin programming level is as close to 'root' as is required to administer
the SCS1620, but it is not the most-senior root level. The root level is
intentionally removed from the shell, however, it exists in the system and its
password must be changed to protect from unauthorized access or changes.

Note:

There are no 'back door' passwords. You can lock the system down and

prevent programming access if you misplace your passwords. If you forgot the
passwords you entered, the system FLASH must be replaced.

One interesting, relevant article (of many) on Linux Security can be found at:

http://linux.com/interact/newsitem.phtml?sid=82&aid=6326

5.2.1 Change the sysadmin password

The System Administrator must change the password for the

sysadmin

level

before it is connected to a network or accessible from 'the outside world'.

5.2.2 Change the root password

The System Administrator must change the password for the root level. Although
root access is not required by the sysadmin or the users, it is accessible by the
sysadmin and can be accessed using ssh.

This is especially important if ssh is enabled since ssh can offer the ability for
root-level access by a remote system (depending on sysadmin settings).

«
...
20
21
22
23
24
...
»

Summary of Contents for SCS1620

Page 1: ...Secure Console Server Model SCS1620 Product Guide Part Number 15 00 032 Revision B February 2002...

Page 2: ...SCS1620 Product Manual Lightwave Communications Page ii www lightwavecom com...

Page 3: ...NIX is a registered trademark of The Open Group Windows 95 Windows 98 Windows 2000 and Windows NT are trademarks of Microsoft Corp Netscape is a trademark of Netscape Communications Corporation Adobe...

Page 4: ...ed to provide reasonable protection against such interference when operating in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and u...

Page 5: ...Radiated Immunity Field Test EN61000 4 4 1995 Electrical Fast Transient Test EN61000 4 5 1995 Power Supply Surge Test EN61000 4 6 1996 Conducted Immunity Test EN61000 4 8 1993 Magnetic Field Test EN61...

Page 6: ...l 11 2 4 2 Network 11 2 4 3 Modem 12 2 4 4 Power Manager 12 2 5 Device Port Buffer 12 2 6 System Resource Information 12 3 0 Installation 13 3 1 Physical Installation 13 3 2 Power 13 3 2 1 AC Input 13...

Page 7: ...3 5 Configure Services 35 5 3 6 Configure Modem 37 5 3 7 PPP and CHAP or PAP 41 5 3 8 Configure NIS 44 5 3 9 Configure LDAP 46 5 3 10 Configure the Firewall 48 5 3 11 Done 53 5 4 SAVE 56 5 4 Reboot 57...

Page 8: ...C 3 Electrical 87 C 3 1 AC Power 87 C 3 2 DC Power 88 C 4 Interface 88 C 4 1 Terminal and Device 88 C 4 2 Network 88 C 4 3 Modem 88 C 4 4 Power Manager 88 C 5 Compliance and Certification 89 Appendix...

Page 9: ...s 10 100 baseT IP network compatible ID Password Security configurable access rights OpenSSH version 2 security Open LDAP NIS capable for remote database rights Modem support for PPP PAP or CHAP and C...

Page 10: ...ring One 1 serial TERMINAL port for VT100 console or PC with emulation One 1 POWER MANAGER port DB9F serial interface for Lightwave PCU8 Power Control Unit Optional One 1 Modem Module for analog Dial...

Page 11: ...is controlled by assigning access rights to system user profiles Each user profile is assigned an ID a password and access rights Users must have a user profile to access any of the attached devices T...

Page 12: ...user is not directly interacting with the attached device 2 6 System Resource Information The SCS1620 is programmable using OS level commands and options The System Administrator sysadmin configures t...

Page 13: ...r rubber feet are provided and the rack mount brackets may be removed 3 2 Power The SCS1620 consumes less than 20W of electrical power The SCS1620 is available as AC powered models or DC powered model...

Page 14: ...the DC powered systems and the connectors are also available separately from Lightwave See Appendix D for specifications regarding the DC power source 3 3 Connecting a Terminal Console The TERMINAL po...

Page 15: ...n the terminal or start your computer s communication program 3 4 Connecting to the Device Port Any serial device that has a console port may be connected to the SCS1620 for consolidated remote admini...

Page 16: ...Network Port Also refer to the setup setup setup setup command in Section 5 3 for additional network configuration 3 6 Connecting the Modem Port An optional modem module is available for the SCS1620...

Page 17: ...red as Device Port 17 and operates like the other DEVICE ports except that its physical interface is a DB9F serial connector The Power Manager port is intended for the Lightwave PCU8 Power Control Uni...

Page 18: ...display and pushbuttons can be used to set up the basic network interface which will allow the sysadmin to access the SCS1620 using your existing IP network Front Panel LCD Display and Pushbuttons The...

Page 19: ...isplay shows the feature that you wish to edit press the SELECT key to enter the editing mode The display will show Editing Network Settings or other feature if chosen 3 A cursor appears under one cha...

Page 20: ...fault IP address of the SCS1620 is 10 0 0 1 with a subnet mask of 255 0 0 0 For Windows 9x from the DOS command prompt type route add 10 0 0 1 mask 255 0 0 0 your workstation s IP address route add 10...

Page 21: ...re the ENTER key to respond and are case sensitive 5 1 System Administrator Functions When the SCS1620 is first installed and powered up it must be configured to operate with your network Connect the...

Page 22: ...m s default values are configured to minimize security issues however as features are turned on by the sysadmin more potential security holes open up The sysadmin programming level is as close to root...

Page 23: ...tor logs into the SCS1620 for the first time It is a text based user interface and requires VT100 terminal support using the keyboard no mouse At default values SSH is not enabled encryption keys have...

Page 24: ...ally at any time thereafter If using the setup setup setup setup command you will see the following display on your VT100 terminal this session screen was generated using SSH login which shows a sligh...

Page 25: ...ll get the following message The setup screen is shown after successfully reaching the setup mode The experienced Linux user may also directly edit any parameter they choose The setup screen is put in...

Page 26: ...ntinues to the Menu List shown on the next page which includes 10 options and DONE The sysadmin can step through the menu using the arrow keys or use a combination of arrow keys and the Tab key to sel...

Page 27: ...ter Address Gateway and NIS Domain Hostname including domain IP Address of the SCS1620 Network Mask of IP address Gateway IP address of the Router of this network If using NIS the NIS domain name Sele...

Page 28: ...ostname Use Back at any time if you wish to go back one screen Select Next using Tab and Arrows and press Enter to proceed Note The HOSTNAME appears as your command prompt when logged in to the system...

Page 29: ...Network Mask in dot quad notation select Next using Tab and Arrows and press Enter to proceed Note Do NOT use leading 0 s in the numeric fields for numbers less than 100 For example if your netmask is...

Page 30: ...and Arrows and press Enter to proceed If you will be using NIS enter a value for the NISDOMAIN select Next using Tab and Arrows and press Enter to proceed You are returned to the setup program menu Yo...

Page 31: ...0 Product Manual 15 00 032 Rev B Page 31 5 3 3 Configure Timezone Configure Timezone using TUC time parameters Set the Local Timezone For some Timezone entries select the sub entry for the Local Timez...

Page 32: ...3 4 Configure DNS Note If you choose to configure the DNS entry you are required to complete at least the Primary DNS Nameserver field If you cannot complete this entry at this time enter an address...

Page 33: ...Company SCS1620 Product Manual 15 00 032 Rev B Page 33 Press Enter to proceed Enter a value for the Primary Nameserver This is a required entry After your entry is correct select Next and press Enter...

Page 34: ...ue for the Secondary Nameserver if you have one This is optional After your entry is correct select Next and press Enter to proceed Enter a value for the Tertiary Nameserver This is optional leave the...

Page 35: ...Page 35 You are returned to the setup program menu 5 3 5 Configure Services Configure Services syslog ssh and or telnet Enable syslog system logging yes no Enable System Logins using ssh yes no Enable...

Page 36: ...ommunications Page 36 www lightwavecom com For System Logging select Yes or No using the arrows then select Next using Tab and press Enter to proceed For SSH select Yes or No using the arrows then sel...

Page 37: ...e Modem Logins to allow PPP and or TTY no exit Enable Modem TTY Logins Enable Modem TTY Modem Callbacks o Enter Callback Telephone Number if YES above Configure PPP no exit o IP Address es Local and R...

Page 38: ...Product Manual Lightwave Communications Page 38 www lightwavecom com This step assumes a positive response press Enter to proceed Select Yes or No using the arrows then select Next using Tab and pres...

Page 39: ...ntronix Company SCS1620 Product Manual 15 00 032 Rev B Page 39 Select Yes or No using the arrows then select Next using Tab and press Enter Enter the TTY Callback number Press Esc to end the editing m...

Page 40: ...ing the arrows then select Next using Tab and press Enter If you choose No this subroutine ends and you return to the menu and your menu choice will skip to Configure NIS since PPP features will be di...

Page 41: ...7 PPP and CHAP or PAP PPP Authentication Either CHAP or PAP Required if PPP is enabled o Enter CHAP Secrets information if CHAP yes Enter CHAP Secrets information as 4 separate fields separated by a s...

Page 42: ...com If you select No you will be directed to the PAP secrets steps If you select Yes you will be directed to the CHAP secrets steps Select Yes or No using the arrows then select Next using Tab and pr...

Page 43: ...d Press ESC when done then select Next and Enter to proceed PAP Secrets Or PAP Secrets instead of CHAP secrets if CHAP was not selected previously This is a text fill in field for the sysadmin for PAP...

Page 44: ...SCS1620 Product Manual Lightwave Communications Page 44 www lightwavecom com 5 3 8 Configure NIS Configure NIS Enable NIS Authentication no exit Enter IP Address of NIS Server Press Enter to continue...

Page 45: ...Company SCS1620 Product Manual 15 00 032 Rev B Page 45 Select Yes or No using the arrows then select Next using Tab and press Enter Enter the value for the NIS server then select Next using Tab and p...

Page 46: ...Lightwave Communications Page 46 www lightwavecom com 5 3 9 Configure LDAP Configure LDAP Enable LDAP version 2 Authentication no exit Enter IP Address of LDAP Server Input value for the LDAP Base Pr...

Page 47: ...ix Company SCS1620 Product Manual 15 00 032 Rev B Page 47 Select Yes or No using the arrows then select Next using Tab and press Enter Enter the IP address of the LDAP server select Next using Tab pre...

Page 48: ...r If your entry was improper you ll get a warning statement 5 3 10 Configure the Firewall Configure the Firewall Enable the Firewall no exit DENY for Ignore Connection Attempts sends no response REJEC...

Page 49: ...any SCS1620 Product Manual 15 00 032 Rev B Page 49 Press Enter to continue Select Yes or No using the arrows then select Next using Tab and press Enter If you choose No this subroutine ends and you re...

Page 50: ...Communications Page 50 www lightwavecom com Enter DENY to ignore and not respond to any connection attempts Enter REJECT to return a connection rejected message to any connection attempts Then select...

Page 51: ...enabled separated by a space Any service previous enabled that is not listed here will then be disabled Please note that this field does not remove a service from the system but merely turns it off F...

Page 52: ...bled that is not listed here will then be disabled Please note that this does not remove a service from the system but merely turns it off For utmost security a feature e g telnet that is not needed s...

Page 53: ...the previous programming options you must save the values in order to commit them to memory and enable the changes Likewise you can exit the setup program without making any changes at this time Save...

Page 54: ...ww lightwavecom com Press Enter to continue Select Yes or No using the arrows then select Next using Tab and press Enter If you select Yes the system will commit the changes to memory same as performi...

Page 55: ...0 Product Manual 15 00 032 Rev B Page 55 The system then writes and properly stores the files Depending on the features and options you have selected especially Firewall options this can take several...

Page 56: ...4 SAVE The SCS1620 will automatically save the programmed parameters after running the setup script for the first time only The sysadmin MUST run the SAVE script after any programming changes if the...

Page 57: ...aved into non volatile memory the Reboot operation includes a prompt allowing you to SAVE the files if desired SAVE can be run at any time even after a reboot as shown above All other setup setup setu...

Page 58: ...ser Settings x x exit Deselect a port x x help Display Help x x info Show system information x x less Browse history buffer x x listdev List device names x x listen Listen to a port x listusers List U...

Page 59: ...and the power on self test will run Only the system administrator may issue the reboot reboot reboot reboot command sysadmin reboot Broadcast message from root ttyM17 Tue Oct 2 14 24 49 2001 The syst...

Page 60: ...wd At the first login the SCS1620 will use the factory default password PASS PASS PASS PASS all upper case This default password should be changed as soon as possible to prevent access by anyone other...

Page 61: ...as Use alias alias alias alias to get a list of some of the system command aliases sysadmin alias Command aliases dir direct devl listdevice sel select help ver version lu listusers devices editdev de...

Page 62: ...20 save changes made to etc files V1 02 break SCS1620 disconnect a user from a port V1 02 ci SCS1620 Shell V2 01 connections SCS1620 show users in direct mode V1 02 devices SCS1620 modify device port...

Page 63: ...host elsewhere After the keys have been generated the user can establish a secure shell connection using ssh over a network syslog The SCS1620 keeps a system log file called var log syslog var log sys...

Page 64: ...d the idle time exceeds the timeout duration the session will be disconnected by the system Use timeout timeout timeout timeout h h h h to get a help file for the timeout feature Use timeout timeout t...

Page 65: ...or name to edit and update the parameter settings of a device Step through each device option when done the system prompts Are you sure before accepting the changes dtedce Use dtedce dtedce dtedce dte...

Page 66: ...user is connected to the device and is in direct mode The device port buffer still collects data while not in direct mode when this setting is active It may be desirable to disable direct mode buffer...

Page 67: ..._LISTEN ALLOW_LISTEN ALLOW_LISTEN prompt determines which devices a user may select for listen mode To edit or change parameters for the sysadmin enter the command edituser edituser edituser edituser...

Page 68: ...dmin sysadmin adduser usage lci bin adduser name sysadmin adduser newuser Changing password for user newuser New UNIX password Retype new UNIX password passwd all authentication tokens updated success...

Page 69: ...sure y sysadmin As soon as the password has been entered the system creates the new user identity and authenticates and creates the default parameters for it The system automatically enters the editu...

Page 70: ...tusers listusers listusers command to verify after deleting a user ID editbrk Use editbrk user name editbrk user name editbrk user name editbrk user name to edit the break sequence for a user The brea...

Page 71: ...ect port name or number direct port name or number direct port name or number to connect to a port only applies to port for which this user is allowed DIRECT access listen Use listen port name or numb...

Page 72: ...using their programmed Escape sequence The preset value for this option is ESC then A which must be performed quickly but not simultaneously 6 5 3 Break Sequence The user can send a break signal to t...

Page 73: ...m card is hot swappable so it is not necessary to power down the unit before installing the modem card 1 Remove the blank metal plate covering the modem slot on the SCS1620 Insert the modem card 2 Ins...

Page 74: ...run on the system This command does not appear in the help help help help or command menu list since it is only used when installing the modem card after the initial installation To Initialize the Mo...

Page 75: ...scape character is SCS1620 login 8 3 Modem Module The SCS1620 with the optional Modem module can support three configurations Plain text tty This provides for an interface identical to that presented...

Page 76: ...ay be accessed by the user see Section 5 7 Using the Buffer but the user may issue no commands to the server If the user desires to issue commands to the server they must enter direct mode see Section...

Page 77: ...ce a window with the hexadecimal representation of the old escape sequence will appear Pressing ESC to exit from the edit prompt will not work it will add additional ESC characters hexadecimal value 1...

Page 78: ...em A A 01 01 of Terminal Device RJ45 Connector Pinouts SCS1620 Drawing Number 1620_term_dev vsd 1 4 6 8 7 2 3 5 Tx Rx RTS CTS DTR DSR DCD SG SCS1620 Terminal Device DTE RJ45 1 4 6 8 7 2 3 5 Tx Rx RTS...

Page 79: ...most SUN applications Title Size Part Number Rev Sheet File System A A 200d0066S vsd 01 01 of RJ45 Receptacle to DB25M Adapter 200 0066 SCS1620 2 DB25 MALE 3 4 5 6 7 8 20 3 2 7 8 6 5 1 4 RJ45 pin 1 Dr...

Page 80: ...Part Number Rev Sheet File System A A 200d0067 1620 vsd 01 01 of RJ45 Receptacle to DB25F Adapter 200 0067 SCS1620 2 DB25 FEMALE 3 4 5 6 7 8 20 3 2 7 8 6 5 1 4 RJ45 pin 1 Drawing Number 700 200 0067 1...

Page 81: ...mber Rev Sheet File System A A 200d0069 vsd 01 01 of RJ45 Receptacle to DB9M Adapter 200 0069 System Console Switch 1 DB9 MALE 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 RJ45 pin 1 Drawing Number 700 200 0069 261...

Page 82: ...s serial port Title Size Part Number Rev Sheet File System A A 200d0070 1620 vsd 01 01 of RJ45 Receptacle to DB9F Adapter 200 0070 SCS1620 1 DB9 FEMALE 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 RJ45 pin 1 Drawing...

Page 83: ...rs Title Size Part Number Rev Sheet File System A A 01 01 of Netra t1 to SCS1620 RJ45 adapter pinout 200 0225 SCS1620 Drawing Number 700 200 0225 200d0225 vsd 100 Washington Street Milford CT 06460 80...

Page 84: ...620 s operating software can be updated by a downloadable software update downloaded from Lightwave s FTP site which consists of two files a tar file and an update script file The two files must alway...

Page 85: ...so that the case is accessible Shut Down the SCS1620 1 You must be logged in as sysadmin 2 Type poweroff and press Enter The system will gracefully shut down and close all files after about two minute...

Page 86: ...it to prevent static discharge slide the Flash module into the holder DO NOT FORCE THE MODULE IN it is keyed by its alignment grooves and will slide easily only one way 4 Be certain that the module is...

Page 87: ...ndensing Storage temperature range 4 F 20 C to 158 F 70 C Storage humidity range 10 to 90 RH non condensing Heat generated in normal operation 75 1 BTU hour C 3 Electrical Both the AC and DC power ver...

Page 88: ...rate 115 200 Minimum baud rate 2400 Maximum user sessions 16 ports any combination C 4 2 Network Connector RJ45 Protocol TCP IP IP version 4 Maximum speed 10 or 100 Mbits half duplex Auto negotiation...

Page 89: ...Warning This is a Class A product In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures Note This equipment has been tes...

Page 90: ...trip DC rated Overcurrent protection devices e g circuit breakers must be provided as part of each installation and are not included with the SCS1620 The device must be located between the DC power so...

Page 91: ...Equivalent Character Hexadecimal Code Equivalent Character 00 NUL 20 SP 01 SOH 21 02 STX 22 03 ETX 23 04 EOT 24 05 ENQ 25 06 ACK 26 07 BEL 27 08 BS 28 09 HT 29 0A NL 2A 0B VT 2B 0C NP 2C 0D CR 2D 0E...

Page 92: ...Code Equivalent Character 40 60 41 A 61 a 42 B 62 b 43 C 63 c 44 D 64 d 45 E 65 e 46 F 66 f 47 G 67 g 48 H 68 h 49 I 69 i 4A J 6A j 4B K 6B k 4C L 6C l 4D M 6D m 4E N 6E n 4F O 6F o 50 P 70 p 51 Q 71...

Page 93: ...isplayed To end the less less less less program press q to return to the command line SUMMARY OF LESS COMMANDS Commands marked with may be preceded by a number N Notes in parentheses indicate the beha...

Page 94: ...et command goes forward to the close bracket matching the N th open bracket in the top line Each find open bracket command goes backward to the open bracket matching the N th close bracket in the bott...

Page 95: ...s CAUTION It is possible to damage a file which might render the system inoperative by improper use of a file or command editor on system files This section is only meant as a review for those familia...

Page 96: ...rt the text All existing text is shifted down and follows the text you are about to insert u undo the last modification x delete the letter at the current cursor position dd delete the current line On...

Page 97: ...ing the root password To Change the root level password of the SCS1620 follow the example above The default root password is root 1 Log in as sysadmin 2 Type bash bash bash bash to get to root level n...

Page 98: ...SCS1620 Product Manual Lightwave Communications Page 98 www lightwavecom com For Your Notes...

Reviews:

No comments

Related manuals for SCS1620

Brand: dbx Pages: 2

Brand: Patton electronics Pages: 75

RocketLink-G 3088/I

Brand: Patton electronics Pages: 61

Brand: Patton Pages: 12

Brand: Patton Pages: 84

OnSite 3210 Series

Brand: Patton Pages: 110

Brand: Patton electronics Pages: 2

SMARTNODE 4110 Series

Brand: Patton electronics Pages: 78

Brand: Patton electronics Pages: 8

Brand: Intellinet Pages: 2

HomePlug AV Ethernet Bridge PLE0200

Brand: Abocom Pages: 2

Brand: NEC Pages: 2

Brand: ICP DAS USA Pages: 8

LinkStation Mini

Brand: Buffalo Pages: 71

Brand: IDT Pages: 207

Brand: Renesas Pages: 4

EK-FC750 GTX Series

Brand: ekwb Pages: 2

Wisenet XRN-6410RB2-24TB

Brand: Hanwha Techwin Pages: 124

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands