User's Manual

Document Number: 0100SM1401 Issue: 10-14
Secure Shell (SSH)
Secure Shell (SSH) provides a secure alternative to standard Telnet. To access the Q data radio’s Text User Interface (TUI) via the embedded SSH server, use an SSH client. The following example shows how to access a Q data radio’s TUI using a commonly used Windows SSH client called PuTTY.
Before you can connect to the TUI via SSH, ensure that the SSH server within the Q data radio is enabled (SSH Terminal set to Enable). For security reasons, the SSH server is disabled by default. It can be enabled via the web user interface, under the “Configuration -> Security” menu item as shown.
Upon enabling SSH, you will also be required to fill out a user name and password. Ensure you record this user name and password for future use.
In order for the SSH client to know it is communicating with the device it is addressing (not a man in the middle), the client will first attempt to authenticate the server.
The client uses the following process to authenticate the server:
•The client requests the device fingerprint from the server it is trying to connect to.
•Once the client has received the server’s fingerprint, it will check its own records to see whether it already has this fingerprint in memory.
•If it does have the fingerprint on record, the connection between the client and the server should automatically begin.
•If the client does not have the fingerprint in memory, a security alert will appear, advising the user that either an attacker could be intercepting the connection to the device, since the client does not have the fingerprint on record, or it is a new device that the client has not connected to before.
As there is no way of differentiating between a man-in-the-middle attack and a first-time connection when the fingerprint is not stored in the client’s records, it is advised that the SSH server (Q data radio) is always connected locally to the client and its fingerprint read before it is deployed in the field. This allows the client to store the server’s fingerprint on record and helps prevent undetected “man in the middle” attacks.
Once a fingerprint has been stored into memory, it can be extracted from the registry (PuTTY example only):
HKEY_CURRENT_USER\Software\SimonTatham\Putty\SSHHostKeys
This can then be deployed into another client PC if required.
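The following PowerShell script is an added example, not part of the manual: it writes only the cached PuTTY host key entries for one radio to a .reg file that can be imported on another client PC. The address 192.0.2.10, port 22 and the output file name are placeholder assumptions; the `keytype@port:host` value naming is how PuTTY labels its cached keys.

```powershell
# Added example (not from the manual): export only one radio's cached PuTTY
# host keys so they can be pre-loaded on another client PC.
param(
    [string]$RadioHost = '192.0.2.10',            # assumption: placeholder address
    [int]$Port = 22,                              # assumption: default SSH port
    [string]$OutFile = '.\q-radio-hostkeys.reg'   # assumption: output file name
)

# Registry location given in the manual (HKCU: is the drive for HKEY_CURRENT_USER).
$keyPath = 'HKCU:\Software\SimonTatham\Putty\SSHHostKeys'
if (-not (Test-Path -Path $keyPath)) {
    throw 'No PuTTY host key cache found; connect to the radio locally first.'
}

# PuTTY names each value <keytype>@<port>:<host>, e.g. ssh-ed25519@22:192.0.2.10.
$key    = Get-Item -Path $keyPath
$suffix = "@${Port}:$RadioHost"
$names  = @($key.Property | Where-Object { $_ -and $_.EndsWith($suffix) })
if ($names.Count -eq 0) {
    throw "No cached host key for ${RadioHost}:$Port; accept it over a local connection first."
}

# Build a .reg file that holds only the matching entries.
$lines = @(
    'Windows Registry Editor Version 5.00',
    '',
    '[HKEY_CURRENT_USER\Software\SimonTatham\Putty\SSHHostKeys]'
)
foreach ($name in $names) {
    $lines += '"{0}"="{1}"' -f $name, $key.GetValue($name)
}
$lines += ''

# Version 5.00 .reg files are UTF-16LE, which PowerShell calls "Unicode".
Set-Content -Path $OutFile -Value $lines -Encoding Unicode
Write-Output "Wrote $($names.Count) host key entry(ies) to $OutFile"

# On the other client PC, as the user who runs PuTTY:
#   reg import .\q-radio-hostkeys.reg
```

Transfer the .reg file over a trusted path, since whoever can alter it controls which server the second PC will accept without an alert.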
Part H – Advanced