Setting Up a Secure Telnet Connection to the EAGLE using OpenSSH

C Setting Up a Secure Telnet Connection to the EAGLE using OpenSSH

Appendix C, Setting Up a Secure Telnet Connection to the EAGLE using OpenSSH describes the procedures for setting a secure telnet connection to the EAGLE using OpenSSH.

C.1 Introduction

This appendix contains the procedures for establishing a secure telnet connection to the EAGLE using OpenSSH. Perform these procedures.

If a Windows machine will be used to make the connection, perform these procedures.
- Install the Windows OpenSSH Software to install the software.
- Establishing a Secure Telnet Connection to the EAGLE using Windows OpenSSH to establish the connection.
If a UNIX/Solaris machine will be used to make the connection, perform these procedures.
- Install the UNIX/Solaris OpenSSH Software to install the software.
- Establishing a Secure Telnet Connection to the EAGLE using UNIX/Solaris OpenSSH to establish the connection.

Before establishing the secure connection to the EAGLE, the EAGLE needs to be configured with these items.

IPSMs that are in service and containing IP addresses for each IPSM. The IP router on the IPSM must be configured if the client is using a different subnet.
The Eagle OA&M Security Enhancement feature must be enabled and turned on.

Enter these commands on the EAGLE to verify the IPSM and feature configuration.

rtrv-ip-lnk - shows the IP addresses assigned to the IPSM, in the IPADDR column
rtrv-ip-card - shows the IP router, in the DEFROUTER field.
rept-stat-card - shows the state of the IPSM, in the PST column
pass:loc=<IPSM card Location>:cmd="netstat -a" - shows the state of the ports 22 and 23 on the IPSM, in the (state) column. If the IPSM is configured correctly, the state of these ports will be LISTEN.
rtrv-ctrl-feat - shows whether or not the Eagle OA&M Security Enhancement feature is enabled and turned on.

Perform the Adding an E5-IPSM procedure to configure the IP addresses of the IPSM, the IP router, and to put the IPSM in service. Perform the Activating the EAGLE OA&M IP Security Enhancement Controlled Feature to enable and turn on the Eagle OA&M Security Enhancement feature.

C.2 Install the Windows OpenSSH Software

To install the software on a Windows machine, perform these steps.

Go to this site: http://sourceforge.net/project/showfiles.php?group_id103886&package_id=111688.
Select the setupssh381-20040709.zip file and download the file.
After the file has been downloaded, run the installer and install all the components.

The recommended folder for installing the components is C:\OpenSSH.

After installing the software, this warning may be displayed.

Figure C-1 OpenSSH Warning Window

Click the OK button and perform the Establishing a Secure Telnet Connection to the EAGLE using Windows OpenSSH procedure.

C.3 Establishing a Secure Telnet Connection to the EAGLE using Windows OpenSSH

To establish a secure telnet connection to the EAGLE using OpenSSH, perform these steps.

Open two DOS windows.
In DOS window 1, go to the bin folder in the folder where the OpenSSH software was installed.

For this example, enter this command

cd C:\OpenSSH\bin
In DOS window 1, enter the ssh command with these options and values.
- -N - once the authentication is complete, the ssh program executes in the background, meaning the prompt should be returned so that the telnet command can be entered.
- -f
- -L
- the local/forwarding port number, for this example, 23000
- the local loopback address, 127.0.0.1:23. Port 23 is reserved for ssh.
- The IP address of the EAGLE IPSM. For this example, 10:253.104.36.
For this example, enter this command.

ssh -N -f -L 23000:127.0.0.1:23 10:253.104.36
Note:
1. When issuing the ssh command, if the IPSM on the EAGLE has undergone a hard reset, the ssh key stored in the local_host file must be purged.
2. If you are making the connection to the EAGLE for the first time, and you are prompted to accept the ssh key, accept the ssh key and proceed to 4
In DOS window 2, enter the telnet command with the the local loopback address, without the port number, the local/forwarding port number specified in 3. for this example, enter this command.

telnet 127.0.0.1 23000
When the Eagle prompt is received in DOS window 2, choose an EAGLE terminal and login with your EAGLE username and password.
If you wish to establish another secure telnet connection to the EAGLE, perform 3 with a different local/forwarding port number, then perform 4 using the local/forwarding port number specified in 3.
To logout of the EAGLE and close the secure telnet connection, perform these actions.
- At the EAGLE, enter the logout command.
- Press the Ctrl+] keys to receive the telnet prompt.
- Enter quit.
- The prompt in DOS window 2 goes to C:\.
- The ssh command in DOS window 1 goes away and the prompt returns to \C:.

C.4 Install the UNIX/Solaris OpenSSH Software

To install the software on a UNIX/Solaris machine, perform these steps.

The software can also be found at various mirror sites. These sites can be found at this address:

http://www.openssh.org/portable.html#http

If you wish to use one of the other mirror sites, select the closest mirror site.
Download this file, openssh-3.7.1p1.tar.gz, from the site selected in 1.
After the file has been downloaded, run the installer and install all the components.

After the software has been installed, perform the Establishing a Secure Telnet Connection to the EAGLE using UNIX/Solaris OpenSSH procedure.

C.5 Establishing a Secure Telnet Connection to the EAGLE using UNIX/Solaris OpenSSH

To establish a secure telnet connection to the EAGLE using OpenSSH from a UNIX/Solaris machine, perform these steps.

Open an Xterm window.
In the Xterm window, go to the bin folder in the folder where the OpenSSH software was installed.

For this example, enter this command

cd <install path>/OpenSSH/bin
In the Xterm window, enter the ssh command with these options and values.
- -N - once the authentication is complete, the ssh program executes in the background, meaning the prompt should be returned so that a second command can be entered following the semicolon.
- -f
- -L
- the local/forwarding port number, for this example, 23000
- the local loopback address, 127.0.0.1:23. Port 23 is reserved for ssh.
- The IP address of the EAGLE IPSM. For this example, 10:253.104.36.
- The telnet command with the local loopback address, without the port number, and the local/forwarding port number.
For this example, enter this command.

ssh -N -f -L 23000:127.0.0.1:23 10:253.104.36; telnet 127.0.0.1 23000
Note:
1. On Solaris 9 and later, SunSSH is installed. SunSSH is not compatible with the EAGLE secure Telnet terminals. If you have any questions about which version of ssh in being invoked, enter the Unix command which ssh to ensure that OpenSSH is being used instead of the Sun version.
2. When issuing the ssh command, if the IPSM on the EAGLE has undergone a hard reset, the ssh key stored in the local_host file must be purged.
3. If you are making the connection to the EAGLE for the first time, and you are prompted to accept the ssh key, accept the ssh key and proceed to 4.
When the Eagle prompt is received in the Xterm window, choose an EAGLE terminal and login with your EAGLE username and password.
To logout of the EAGLE and close the secure telnet connection, perform these actions.
- At the EAGLE, enter the logout command.
- Press the Ctrl+] keys to receive the telnet prompt.
- Enter quit.