dblohm
 asked on

Can one configure a packetshaper to use ssh on the console port?

Can one configure a PacketShaper to use ssh on the console port? The powers that be that make decisions for our network have decreed 'thou shalt not use telnet'. We use, I should say, used to use a 'reverse telnet' technique to console into the shapers.
Any ideas?

Last Comment: dblohm, 8/22/2022 - Mon
Bryant Schaper

Yes, they look to support SSH

PacketWise supports SSH v1 and SSH v2 protocols. Not all ciphers and MAC (Message Authentication Code) algorithms are supported for these two protocol versions.

Changing the SSH Port Number

PacketWise is automatically configured to run SSH on port 22, but you can select a different listening port if necessary.

To change the SSH port number:

1. Click the Setup tab.

2. From the Choose Setup Page list, select SSH. The Secure Shell settings appear on the Setup screen.

3. Enter the new port number in the SSH Port field.

4. Click apply changes to update the settings.

Generating New Key Pairs

If you believe the key's security was compromised, you can generate new SSH key pairs.

To generate new key pairs:

1. In the Secure Shell Settings screen, click generate ssh key pairs. The Secure Shell Keys window appears.

2. From the New Key Size list, select the key size (512, 768, 1024, or 2048 bits). 2048 is the default size starting in PacketWise 8.7.9 (1024 in previous versions).

If you are using SSHv1, you should choose 512 or 1024. If you are using SSHv2, select either 768 or higher.

3. Click generate keys.

4. Click OK to confirm. After a moment, the output of the encryption algorithm appears next to DSA Fingerprint, RSA Fingerprint, and RSA1 Fingerprint. Each fingerprint appears as a sequence of 16 bytes in hexadecimal, separated by colons.
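
Added example, not part of the original answer or the PacketWise documentation: after regenerating keys, the RSA fingerprint shown on the appliance can be compared with the one computed from the host key a client actually receives, and the key size checked at the same time. It assumes the displayed value is the classic MD5 fingerprint of the SSHv2 public key blob (the 16-byte colon-separated form), handles `ssh-rsa` keys only, and uses illustrative function names, a 2048-bit policy floor and a constructed sample key.

```python
import base64
import hashlib
import struct

MIN_RSA_BITS = 2048  # assumption: local policy floor, same as the newer default quoted above


def read_string(blob, offset):
    """Read one length-prefixed field (uint32 length + bytes) from an SSH key blob."""
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def inspect_rsa_host_key(pubkey_line):
    """Return (md5_fingerprint, modulus_bits) for an SSHv2 'ssh-rsa AAAA...' line."""
    fields = pubkey_line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("expected an ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    key_type, pos = read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside blob does not match")
    _exponent, pos = read_string(blob, pos)
    modulus, _ = read_string(blob, pos)
    digest = hashlib.md5(blob).hexdigest()  # fingerprint format only, not a security use
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, 32, 2))
    return fingerprint, int.from_bytes(modulus, "big").bit_length()


def check_host_key(pubkey_line, expected_fingerprint):
    """Compare with the fingerprint read off the appliance and flag short keys."""
    fingerprint, bits = inspect_rsa_host_key(pubkey_line)
    matches = fingerprint == expected_fingerprint.strip().lower()
    return {"fingerprint": fingerprint, "bits": bits, "matches": matches, "weak": bits < MIN_RSA_BITS}


def constructed_key(bits):
    """Build a structurally valid, cryptographically meaningless ssh-rsa line (constructed sample)."""
    def mpint(n):
        raw = n.to_bytes(n.bit_length() // 8 + 1, "big")  # extra leading byte keeps it positive
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"
```

In practice the `pubkey_line` would be the host key line collected from the appliance by an SSH client, and `expected_fingerprint` the RSA Fingerprint value copied from the Secure Shell Keys window.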
dblohm

ASKER
This is all well and good, but... my question was, how does one (if it can be done) configure the console port to make use of SSH? To put it in Cisco terms: I would simply set a 'transport input SSH' on the AUX port on the router side. Is there a Bluecoat version to do a 'transport output SSH' on the Console port?
ASKER CERTIFIED SOLUTION
Bryant Schaper

Predrag Jovic

I don't think that is possible. The console does not use telnet or ssh.
I was surprised, too, but they do. :)
I guess that is for the case that you have a terminal server, and need security in place.

On Cisco you can enable ssh on the console port by:

(config)#line console 0
(config-line)#transport preferred ?
  none    No protocols
  rlogin  Unix rlogin protocol
  ssh     TCP/IP SSH protocol
  telnet  TCP/IP Telnet protocol

But I have no idea about the Bluecoat version of that.
Bryant Schaper

wonder if it works or just part of the line config, rs232 just kind of dumps data and receives input.
Predrag Jovic

Looks like it works. Reverse SSH enhancement. Although I did not use that option ever. :)
And this: Configuring Terminal Operating Characteristics for Dial-In Sessions
Bryant Schaper

Yes, but that is for virtual line 1 15 kind of stuff, isn't it? I thought we were talking about the physical console port on the device that is RS-232. I can't really "ssh COM1", can I?

I will have to play around with it in the lab? I am used to just password protecting the console port, because to use it you need physical access to the device anyways and it is not over the network.
SOLUTION
dblohm

dblohm

ASKER
Information provided by device vendor's technical support.