4 Replies Latest reply on Feb 22, 2013 9:55 AM by danb

    SSH access from device to device

    danb Visitor

      Assuming that they have been configured to allow telnet access, we can telnet to other devices on our networks.  I have been warned of the insecurity of the Telnet protocol.  So how do we SSH around our network with the same type of "#telnet 10.200.4.15" command?

       

      #ssh 10.200.4.15 doesn't work, and it appears that it's not an option.

       

      Thank you,

      Dan

        • Re: SSH access from device to device
          mick Visitor

          Telnet clients send username and password in clear text, so someone who's eavesdropping in your network will be able to capture these.  If you trust all your users in your LAN then this may not be a problem.  SSH (secure shell) encrypts all communications between endpoints and therefore is more secure.

           

          Just like telnet, where you have a device where telnetd is listening and a client you use to connect from, you will need an sshd service running on the device you want to connect to and an ssh client on the device you are using to connect from.

           

          You did not explain where you tried to run the ssh command from.  I'm filling the gaps here, but please correct my assumptions if I got it wrong:

           

          You were using a terminal on an MS Windows PC and you tried to run the ssh command from there.  MS Windows does not come with an ssh client.  You will need to install a third-party application for this purpose, like PuTTY:  http://www.putty.org/

           

          When you fill in the required device connection details and initiate a connection, PuTTY will open a terminal from which, after you log in, you can run commands on the remote device.


          Hope this helps.

          --

          Regards,

          Mick

            • Re: SSH access from device to device
              danb Visitor

              Mick,

               

              Sorry, I should have explained it in more detail.  What I meant by 'device to device' is from Adtran Netvanta device to Adtran Netvanta device.  I am aware of, and able to complete, an ssh connection from my management PC to the first Netvanta device.  However, I cannot, from the # prompt of the switch or router, enter the command:

              router# ssh 10.200.4.15

              with the expectation that it would operate similar to:

              router# telnet 10.200.4.15

               

              I have a customer who is focused on security of his network.  We need to manage over 24 Netvanta switches and routers on his network. First, he has asked to have all telnet access turned off.  Not just restricted by ACLs, but turned off.  Secondly, we need to access his network securely and remotely.  It is not efficient to create a separate ssh session with every device as we move through to make changes or to troubleshoot a problem.  We were looking for a way to ssh around his network as we do today (using telnet).

               

              Suggestions?

                • Re: SSH access from device to device
                  mick Visitor

                  I see, thanks for clarifying this.  What I normally use for this purpose is a VPN connection to the edge router and once within the LAN I then ssh into router/switches from there.  I use SSL certificates for VPN authentication instead of PSK for increased security.

                   

                  Unfortunately I don't have access to a 3400, but I thought that the current Netvanta firmware does not offer an ssh client, only an ssh server with limited functionality (e.g. no port forwarding, or ssh SOCKS server).  There may be some undocumented functionality in the firmware, but we'll need Adtran support to confirm this.

                   

                  PS.  There's been a feature request for both of these requirements:  https://supportforums.adtran.com/message/3432#3432

                  --

                  Regards,

                  Mick

              • Re: SSH access from device to device
                danb Visitor

                "VPN connection to the edge router and once within the LAN I then ssh into router/switches from there."

                Yes, this is exactly what we do now.


                "but I thought that the current Netvanta firmware does not offer a ssh client,"

                Ah, this is exactly what I need to know!  Or if there is a workaround.


                But...  by the looks of this we don't have it yet:

                "There's been a feature request for both of these requirements:  https://supportforums.adtran.com/message/3432#3432"

                 

                Dan
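
The customer requirement described in this thread (Telnet turned off on every device, management over SSH only) can be verified from the management PC once the VPN is up. The following Python check is an added example, not part of the original thread and not Adtran tooling; the inventory addresses other than 10.200.4.15 are constructed, and the default ports 23 and 22 are assumed.

```python
import socket

def probe(host, port, timeout=2.0):
    """First line the service sends; '' if it connects but sends nothing;
    None if the TCP connection cannot be established."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(256)
            except OSError:  # includes socket.timeout: connected, no banner
                return ""
    except OSError:
        return None
    return data.split(b"\n", 1)[0].decode("ascii", "replace").strip()

def audit(host, telnet_port=23, ssh_port=22, timeout=2.0):
    """Return a list of findings for one device; an empty list means the
    device meets the 'Telnet off, SSH on' requirement."""
    findings = []
    # Any successful TCP connect on the Telnet port means the service is
    # still listening, even if an ACL would later reject the login.
    if probe(host, telnet_port, timeout) is not None:
        findings.append("telnet port accepts connections")
    banner = probe(host, ssh_port, timeout)
    if banner is None:
        findings.append("ssh port unreachable")
    elif not banner.startswith("SSH-2.0-"):
        # RFC 4253 identification string; "SSH-1.99-" would mean the
        # server also accepts protocol version 1.
        findings.append("ssh port did not offer SSH-2.0: %r" % banner)
    return findings

if __name__ == "__main__":
    # Constructed inventory: 10.200.4.15 is from the thread, the rest are
    # placeholders to be replaced with the real device list.
    inventory = ["10.200.4.15", "10.200.4.16", "10.200.4.17"]
    for device in inventory:
        result = audit(device)
        print(device, "OK" if not result else "; ".join(result))
```

Because the check runs from the management PC, it reports what is reachable from that vantage point; a Telnet service that ACLs hide from the PC but that still listens for other sources will not show up.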