The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.
Can one configure a packetshaper to use ssh on the console port?
Can one configure a PacketShaper to use ssh on the console port? The powers that be that make decisions for our network have decried 'tho shalt not use telnet'. We use, I should say, used to use a 'reverse telnet' technique to console into the shapers.
Any ideas?
Any ideas?
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
This is all well and good, but... my question was, how does one( if it can be done) configure the console port to make use of SSH? To put it in Cisco terms: I would simply set a 'transport input SSH' on the AUX port on the router side. Is there a Bluecoat version to do a 'transport output SSH' on the Console port?
I don't think that is possible. The console does not use telnet or ssh. They use a serial steam I believe and you are just using a client that supports reading from a comm port like putty.
But that port is not on the network.
But that port is not on the network.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
I don't think that is possible. The console does not use telnet or ssh.I was surprised, too, but they do. :)
I guess that is for the case that you have terminal server, and need security in place.
On Cisco you can enable ssh on console port by
(config)#line console 0
(config-line)#transport preferred ?
none No protocols
rlogin Unix rlogin protocol
ssh TCP/IP SSH protocol
telnet TCP/IP Telnet protocol
But I have no idea about Bluecoat version of that.
wonder if it works or just part of the line config, rs232 just kind of dumps data and receives input.
Looks like it works. Reverse SSH enhancement. Although I did not use that options ever. :)
And this Configuring Terminal Operating Characteristics for Dial-In Sessions
And this Configuring Terminal Operating Characteristics for Dial-In Sessions
yes, but that is for virtual line 1 15 kind of stuff isn't it, I thought we were talking about the physical console port on the device that is rs-232. I cant really "ssh COM1" can I?
I will have to play around with it in the lab? I am use to just password protecting the console port, because to use it you need physical access to the device anyways and it is not over the network
I will have to play around with it in the lab? I am use to just password protecting the console port, because to use it you need physical access to the device anyways and it is not over the network
Gents;
I finally got a response from Bluecoat. It is as I suspected and you have surmised. According to Bluecoat the console port cannot be manipulated. to Quote:
"Thank you for reaching out. I understand you have concerns regarding SSH access via the console port. It looks like you are using the console on the PS via telnet from the another device (Using RDP in to the other devices and using the console port to access the Packetshaper).
This will no longer work when you disable telnet, and the only other ways to access the PS are, you can directly use SSH or HTTPS to the PacketShaper (Ethernet), or you can have a device that can tunnel SSH to console just like what you are doing with tunneling telnet to console.
Regarding a configuration on the console, unfortunately the console settings on the PackethShaper cannot be changed. "
I finally got a response from Bluecoat. It is as I suspected and you have surmised. According to Bluecoat the console port cannot be manipulated. to Quote:
"Thank you for reaching out. I understand you have concerns regarding SSH access via the console port. It looks like you are using the console on the PS via telnet from the another device (Using RDP in to the other devices and using the console port to access the Packetshaper).
This will no longer work when you disable telnet, and the only other ways to access the PS are, you can directly use SSH or HTTPS to the PacketShaper (Ethernet), or you can have a device that can tunnel SSH to console just like what you are doing with tunneling telnet to console.
Regarding a configuration on the console, unfortunately the console settings on the PackethShaper cannot be changed. "
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
PacketWise supports SSH v1 and SSH v2 protocols. Not all ciphers and MAC (Message Authentication Code) algorithms are supported for these two protocol versions.
Changing the SSH Port Number
PacketWise is automatically configured to run SSH on port 22, but you can select a different listening port if necessary.
To change the SSH port number:
1. Click the Setup tab.
2. From the Choose Setup Page list, select SSH. The Secure Shell settings appear on the Setup screen. show screen
3. Enter the new port number in the SSH Port field.
4. Click apply changes to update the settings.
Generating New Key Pairs
If you believe the key's security was compromised, you can generate new SSH key pairs.
To generate new key pairs:
1. In the Secure Shell Settings screen, click generate ssh key pairs. The Secure Shell Keys window appears. Show screen
2. From the New Key Size list, select the key size (512, 768, 1024, or 2048 bits). 2048 is the default size starting in PacketWise 8.7.9 (1024 in previous versions).
If you are using SSHv1, you should choose 512 or 1024. If you are using SSHv2, select either 768 or higher.
3. Click generate keys.
4. Click OK to confirm. After a moment, the output of the encryption algorithm appears next to DSA Fingerprint, RSA Fingerprint, and RSA1 Fingerprint. Each fingerprint appears as a sequence of 16 bytes in hexadecimal, separated by colons.