CLI

Remote device control from the command line is available via the Telnet and SSH protocols.

To connect to the unit, use the Telnet protocol from the wired LAN to the IP address 10.10.10.1, which is configured on the device's Ethernet interface by default.

If all of the above is completed correctly, you will see the WANFleX OS prompt.

SSH protocol

The SSH (Secure Shell) protocol allows secure remote management of network devices. Its functionality is similar to the Telnet protocol but, as opposed to Telnet, SSH encrypts all protocol messages/datagrams, including transmitted passwords. The SSH Server (SSH daemon) is configured with the "sshd" command. By default, the SSH Server is disabled.

Syntax:

sshd -help, -h
sshd -port=PORT
sshd -window=SIZE
sshd -keepalive=TIME
sshd -banner=on | off
sshd -log-level={emerg|alert|crit|error|warning|notice|info|debug|LEVEL} [notice]
sshd -algo-list
sshd -kex-algos[=ALGO-LIST]
sshd -hostkey-algos[=ALGO-LIST]
sshd -cipher-algos[=ALGO-LIST]
sshd -hash-algos[=ALGO-LIST]
sshd -comp-algos[=ALGO-LIST]
sshd -auth-methods[=AUTH-METHODS-LIST]
sshd start
sshd stop
sshd newkeys
sshd pub[key] {sh[ow] | cl[ear] | de[lete] N}
sshd pub[key] {in[stall] | im[port] [LOGIN[:PASSWORD]@]HOST/FILE} [COMMENT]

Parameter / Description

-help, -h

Displays the command syntax.

-port=PORT

SSH Server TCP port number used to receive SSH connections. The default is 22.

-window=SIZE

Changes the SSH Server internal receive window size, in bytes. The SSH Server window size defines the maximum allowed bandwidth for the "SSH Client - SSH Server" data channel. By default, the SSH Server window size is 24576 bytes.

-keepalive=TIME

Sets the session activity check period in seconds. By default, the server does not perform an activity check ("0" value).

-banner=on | off

Shows/hides the IW WANFleX SSH information banner after login.

-log-level={emerg|alert|crit|error|warning|notice|info|debug|LEVEL} [notice]

Selects the logging level of the SSH Server service information that is written to the system log. To manage the system log, use the "sys log" command.

Logging levels can be selected with the "emerg", "alert", "crit", "error", "warning", "notice", "info" and "debug" parameters, or specified by the number of the required level (from 0 to 7) using the numeric "LEVEL" parameter. By default, "info" (6th level) is chosen.

-algo-list

Shows a list of all available SSH algorithms for key exchange (kex), authentication (host key), data encryption (cipher), data verification (hash) and data compression (compress).

-kex-algos[=ALGO-LIST]

Selects the kex algorithms, from the list of algorithms (ALGO-LIST), to be used in the SSH key exchange process.

-hostkey-algos[=ALGO-LIST]

Selects the host key algorithms, from the list of algorithms (ALGO-LIST), to be used in the SSH Server-Client authentication process.

-cipher-algos[=ALGO-LIST]

Selects the cipher algorithms, from the list of algorithms (ALGO-LIST), to be used for SSH data encryption.

-hash-algos[=ALGO-LIST]

Selects the hash algorithms, from the list of algorithms (ALGO-LIST), to be used for SSH data verification.

-comp-algos[=ALGO-LIST]

Selects the compression algorithms, from the list of algorithms (ALGO-LIST), to be used for SSH data compression.

-auth-methods[=AUTH-METHODS-LIST]

Selects the available authentication methods from the list (AUTH-METHODS-LIST).

An "all" value enables all authentication methods (set by default).

start

Starts SSH Server.

stop

Stops SSH Server.

newkeys

Regenerates the host keys.

NOTE

When started for the first time, the SSH Server generates DSS and RSA host keys to be used for public key based SSH Server authentication.

pub[key] {sh[ow] | cl[ear] | de[lete] N}

  • "show" – shows SSH Client’s public keys that are registered in the SSH Server list.
  • "clear" – deletes all the SSH Client’s public keys from the SSH Server.
  • "delete" – deletes a certain SSH Client’s public key from the SSH Server list. Parameter "N" – is an index of the key in the list.

pub[key] {in[stall] | im[port] [LOGIN[:PASSWORD]@]HOST/FILE} [COMMENT]

Enables public key based authentication of SSH Clients. In public key authentication mode, the SSH Server authorizes the SSH Client, bypassing the password login procedure. This mode is enabled automatically once a public key of the SSH Client is cached in the SSH Server's registry:

  • "install" – sets the SSH client public key in the SSH server registry.
  • "import" – imports an SSH client's public key into the SSH server registry from a remote FTP server:
    • "HOST" – remote FTP server IP address.
    • "FILE" – file containing the SSH Client's RSA/DSS public key in OpenSSH or SSH2 format. If a login and password are set on the remote FTP server, they should be specified as the "LOGIN" and "PASSWORD" parameters.
    • "COMMENT" – adds a comment to the public key entry in the SSH Server list of client public keys. By default, a comment with the client's IP address, or the IP address of the FTP server from which the key was obtained, is added.

NOTE

By default, the SSH Server applies only password authentication. However, this may not be enough to provide the necessary security level. InfiNet Wireless devices have several built-in SSH authentication methods, which are managed by the "sshd pubkey" and "sshd -auth-methods" commands. At the same time, the SSH Server will keep the connected SSH client's public key.
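
An added example, not part of the InfiNet documentation: a Python check that reads saved "sshd" command lines and reports which settings still sit at the defaults described above. It assumes the configuration is available as plain text with one command per line; the sample configurations are constructed, and AUTH-METHODS-LIST is the page's own placeholder, not a real value.

```python
# Added example: audit WANFleX "sshd" settings against the defaults the page describes.
# Assumption: the configuration is plain text, one command per line.

# Defaults stated on the page: server disabled, port 22, keepalive 0, auth-methods "all".
DEFAULTS = {"port": "22", "keepalive": "0", "auth-methods": "all"}


def parse_sshd(config_text):
    """Fold every 'sshd ...' line into the effective state; later lines win."""
    state = dict(DEFAULTS, running=False)
    for line in config_text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "sshd":
            continue
        for tok in tokens[1:]:
            if tok in ("start", "stop"):
                state["running"] = tok == "start"
            elif tok.startswith("-") and "=" in tok:
                key, value = tok[1:].split("=", 1)
                state[key] = value
    return state


def audit(config_text):
    """Return findings for settings still at the documented defaults."""
    state = parse_sshd(config_text)
    findings = []
    if not state["running"]:
        findings.append("sshd is not started: remote CLI access is Telnet only, "
                        "which does not encrypt transmitted passwords")
    if state["auth-methods"] == "all":
        findings.append("auth-methods=all: every method, including password, is enabled")
    if state["keepalive"].isdigit() and int(state["keepalive"]) == 0:
        findings.append("keepalive=0: the server performs no session activity check")
    return findings


# Constructed samples. AUTH-METHODS-LIST is the page's placeholder, not a real value;
# take the real list from the device.
SAMPLE_DEFAULT = ""
SAMPLE_TUNED = """\
sshd -keepalive=60
sshd -auth-methods=AUTH-METHODS-LIST
sshd start
"""

if __name__ == "__main__":
    for name, cfg in (("default", SAMPLE_DEFAULT), ("tuned", SAMPLE_TUNED)):
        print(name, audit(cfg) or "no findings")
```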

Command Line

A Unix-like command line language is used for device management and configuration. Every command takes effect immediately after the "Enter" key is pressed. However, the lifetime of each command is limited to one configuration session. To save the current configuration, use the "config save" command.

...