&
User
AN-80i
Manual
70-00072-01-08b
Proprietary Redline Communications © 2009
Page 108 of 128
June 4, 2009
192.168.25.2# load file 192.168.25.1 usr_wacert_00-09-02-01-C1-9A.der
192.168.25.2# load file 192.168.25.1 usr_wkey_00-09-02-01-C1-9A.der
192.168.25.2# load file 192.168.25.1 usr_wcert_00-09-02-01-C1-9A.der
192.168.25.2# reboot
The unit must be rebooted to activate changes to the user table files.
Figure 51: Security - Sample Certificate
7.2
Equipment Management Security
7.2.1 Using SSH for Secure Telnet Access
The SSH feature can be enabled and disabled using CLI commands (set ssh on/off) or
the HTTP Web interface (SSH Enable field in the Web interface).
SSH User and Factory Keys
This feature requires DSA and RSA key files (PEM format) to be loaded on the AN-80i.
When SSH is enabled, the user (usr) key files have the highest priority. Factory (fact)
key files are used when there are no key files in the user table. Embedded key files are
used when there are no user or factory key files.
All AN-80i units field upgraded to v3.09-PTP/11.20-PMP (or higher) will contain
embedded default keys. The embedded default keys are identical for all units.
Note: Units manfactured with v3.09-PTP/11.20-PMP (or higher) software may include
pre-installed DSA and RSA keys saved in the factory (fact) table.
Generate Keys Locally on AN-80i (User)
The user can generate RSA (1024 bit) and DSA (512 bit) key files locally on the AN-80i.
These key files are automatically saved in the user (usr) table. Use the CLI 'generate'
command to create the DSA and RSA key files.
Example: Create DSA and RSA keys:
192.168.25.2# generate sshkey dsa
192.168.25.2# generate sshkey rsa
192.168.25.2# reboot
The unit must be rebooted following any changes (load/del) to the user table files.