Managing the Radio | 309
Aprisa SRi User Manual 1.1.0
Connecting to the CLI via Telnet
1. Connect the PC Ethernet to the radio Ethernet port (assuming a compatible IP address range).
2. Open the PC Command Prompt.
3.
Type Telnet and the IP address of the radio ‘Telnet xx.xx.xx.xx’
.
4.
Login to the CLI with a default username ‘admin’ and password ‘admin’
.
Connecting to the CLI via SSH
Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an
unsecured network. It is used in the Aprisa radio to provide a secure CLI remote access connection to the
radio. SSH is operated in server client mode, where the radio is acting as the SSH server. The communication
between the client and radio (server) is encrypted in SSHv2 (where SSHv2 vs SSHv1 uses a more enhanced
security encryption algorithm).
The SSHv2 protocol consists of three major components:
•
The Transport Layer Protocol provides server authentication, confidentiality and integrity with
perfect forward secrecy.
•
The User Authentication Protocol which authenticates the client to the server.
•
The Connection Protocol which multiplexes the encrypted tunnel into several logical channels.
The SSHv2 protocol has the following advantages:
•
Allows secure CLI connection over the internet.
•
Provides an alternate secure CLI connection to the un-secure CLI Telnet connection.
•
RADIUS, retype password change, user privilege and user account lockout are also applied over
SSHv2.
The Aprisa radio supports the following SSH features capabilities:
•
SSH is operated over Ethernet ports. It is also operated over the RF port when the radio is in
Advanced Router or Gateway router modes. SSH is not operated over USB or microUSB CLI.
•
The radio SSH support
s ‘
key re-exchange
’
which is initiated after 1 hour or 1GB data but only if
client initiates this process.
•
The radio supports simultaneous sessions of CLI / USB-CLI / Telnet / SSH.
•
SSH is supported OTA to repeater/remotes using the RF IP Address in advanced router mode.
•
Current SSH is supported OTA to repeater/remotes using the RF IP Address in advanced router mode.
•
Regenerates a new random SSH public/private key-
pairs, using the CLI command ‘
sshkeygen
’. This
command will delete current key pairs and on next reboot the radio will create a new pair.
•
Factory reset
doesn’t
clear the public / private key pairs.
•
Superviso
r ‘
Inactivity timeout
’
in Maintenance > General is also used for SSH to expire idle sessions.
•
Supervisor Maintenance > Advanced configuration save/restore does not save/restore the SSH public
/ private keys pairs.
•
A maximum 5 simultaneous SSH sessions can be supported.