SSH
Secure Shell (SSH) version 2 enables secure network terminal sessions between a Sentry Remote
Power Manager and a remote user over insecure network. SSH provides an encrypted terminal sessions
with strong authentication of both the server and client, using public-key cryptography and is typically
used as a replacement for unencrypted Telnet. In addition to enabling secure network terminal sessions
to the Sentry for configuration and power management, the SSH session may be used for secure Pass-
Thru connections to attached devices.
SSH requires the configuration and use of a client agent on the client PC. There are many freeware,
shareware or for-purchase SSH clients available. Two examples are the freeware client PuTTY and the
for-purchase client SecureCRT® by VanDyke® Software. For configuration and use of these clients,
please refer to the applicable software documentation.
SSH Command Summary
Command Description
Set SSH Enables/disables SSH support
Set SSH port Sets the SSH server port number
Enabling and Setting up SSH Support
NOTE: A restart of the Sentry is required after setting or changing ANY SSH configurations. See Performing a warm
boot on page 38 for more information.
Enabling or disabling SSH support
The Set SSH command is used to enable or disable SSH support.
To enable or disable SSH support:
At the Sentry: prompt, type set ssh, followed by enabled or disabled and press Enter.
Changing the SSH server port
With SSH support enabled, the SSH server watches and responds to requests on the default SSH port
number 22. This port number may be changed using the Set SSH Port command.
To change the SSH port:
At the Sentry: prompt, type set ssh port, followed by the port number and press Enter.
Example
The following changes the SSH port number to 65535:
Sentry: set ssh port 65535<Enter>
SSH Technical Specifications
Secure Shell (SSH) version 2
Asymmetric Cryptography:
Diffie-Hellman DSA/DSS 512-1024 (random) bits per NIST specification
Symmetric Cryptography:
AES256-CBC RIJNDAEL256-CBC 3DES-192-CBC
AES192-CBC RIJNDAEL192-CBC BLOWFISH-128-CBC
AES128-CBC RIJNDAEL128-CBC ARCFOUR-128
Message Integrity:
HMAC-SHA1-160 HMAC-SHA1-96
HMAC-MD5-128 HMAC-MD5-96
Authentication:
Username/Password
Session Channel Break Extension (for RS232 Break)
Sentry PT22 Advanced Operations • 47
Installation and Operations Manual