xSenso User Guide
85
16: Security Settings
The xSenso device supports Secure Shell (SSH) and Secure Sockets Layer (SSL). SSH is a
network protocol for securely accessing a remote device. SSH provides a secure, encrypted
communication channel between two hosts over a network. It provides authentication and
message integrity services.
Secure Sockets Layer (SSL) is a protocol that manages data transmission security over the
Internet. It uses digital certificates for authentication and cryptography against eavesdropping and
tampering. It provides encryption and message integrity services. SSL is widely used for secure
communication to a web server. SSL uses certificates and private keys.
Note:
The device supports SSLv3 and its successors, TLS1.0 and TLS1.1. An incoming
SSLv2 connection attempt is answered with an SSLv3 response. If the initiator also
supports SSLv3, SSLv3 handles the rest of the connection.
SSH Settings
SSH is a network protocol for securely accessing a remote device over an encrypted channel. This
protocol manages the security of internet data transmission between two hosts over a network by
providing encryption, authentication, and message integrity services.
Two instances require configuration: when the xSenso is the SSH server and when it is an SSH
client. The SSH server is used by the CLI (Command Mode) and for tunneling in Accept Mode.
The SSH client is for Action Connect Mode.
To configure the xSenso as an SSH server, there are two requirements:
Defined Host Keys:
both private and public keys are required. These keys are used for the
Diffie-Hellman key exchange (used for the underlying encryption protocol).
Defined Users
: these users are permitted to connect to the xSenso SSH server.
SSH Server Host Keys
The SSH Server Host Keys are used by all applications that play the role of an SSH Server.
Specifically Tunneling in Accept Mode. These keys can be created elsewhere and uploaded to the
device or automatically generated on the device.
If uploading existing keys, take care to ensure the Private Key will not be compromised in transit.
This implies the data is uploaded over some kind of secure private network.
Note:
Some SSH Clients require RSA Host Keys to be at least 1024 bits in size.
Table 16-1 SSH Server Host Keys
RSS Settings
Description
Private Key
Enter the path and name of the existing private key you want to upload. In
WebManager, you can also browse to the private key to be uploaded. Be sure the
private key will not be compromised in transit. This implies the data is uploaded over
some kind of secure private network.