Rugged Operating System (ROS Ã‚Â® ) Software User ... - RuggedCom

More documents

Recommendations

Info

Chapter 2 Administration RUGGEDCOM ROS User Guide Section 2.2 The ROS Secure Shell Server Section 2.2.1 Using a Secure Shell to Access the User Interface SSH (Secure Shell) is a network protocol which provides a replacement for insecure remote login and command execution facilities, such as Telnet and remote shell. SSH encrypts traffic in both directions, preventing traffic sniffing and password theft. NOTE SSH requires a private and public key pair. A 1024-bit private/public key pair is built into the firmware by default. ROS will also auto-generate keys if user-generated keys are not provided. These keys are encrypted and obfuscated to hinder reverse engineering efforts. Default and auto-generated keys can be superceded by uploading a key pair to the device. Siemens strongly encourages users to replace the default keys for improved security. Private and public keys are stored in the ssh.keys file. This file is write-only and can only be replaced by admin users. It can not be downloaded from the device. If the file is empty, a Default Keys In Use for SSH alarm is generated. SSH protocol version 2 is implemented in ROS. The authentication method is “keyboard-interactive” password authentication. A user logged in via SSH has the same privileges as one logged in via the console port. Section 2.2.2 Using a Secure Shell to Transfer Files ROS implements an SFTP server via SSH to transfer files securely. The file system visible on the switch has a single directory. The files in it are created at startup time and can be neither deleted nor renamed. Existing files can be downloaded from the switch. For example, firmware images may be downloaded for backup and log files may be downloaded for analysis. Some files may be overwritten by uploading a file of the same name to the switch, as would be done in order to upgrade the firmware. Parameter dir/ls get put Description list directory contents download a file from the switch upload a file to the switch Parameter main.bin boot.bin config.csv fpga.xsvf Description main ROS firmware image Switch bootloader image ROS configuration file FPGA configuration file 36 The ROS Secure Shell Server
RUGGEDCOM ROS User Guide Chapter 2 Administration Section 2.3 The ROS Web Server Interface Section 2.3.1 Using a Web Browser to Access the Web Interface A web browser uses a secure communications method called HTTPS (Hypertext Transfer Protocol Secure) to encrypt traffic exchanged with its clients. The web server guarantees that communications with the client are kept private. If the client requests access via an insecure HTTP port, it will be rerouted to the secure port. Access to the web server via HTTPS will be granted to a client that provides a valid user name / password pair. NOTE HTTPS requires SSL private and public keys. SSL private and public keys are built into the firmware by default. ROS will also auto-generate keys if user-generated keys are not provided. These keys are encrypted and obfuscated to hinder reverse engineering efforts. Default and auto-generated keys can be superceded by uploading a key pair to the device. Siemens strongly encourages users to replace the default keys for improved security. Custom private and public keys are stored in the ssl.crt file. This file is write-only and can only be replaced by admin users. It cannot be downloaded from the device. If the file is empty, a Default Keys In Use for SSL alarm is generated. NOTE It can happen that upon connecting to the ROS web server, a web browser may report that it cannot verify the authenticity of the server's certificate against any of its known certificate authorities. This is expected, and it is safe to instruct the browser to accept the certificate. Once the browser accepts the certificate, all communications with the web server will be secure. Start a web browser session and open a connection to the switch by entering a URL that specifies its host name or IP address. For example, in order to access the unit at its factory default IP address, enter https://192.168.0.1. Once in contact with the switch, start the login process by clicking on the “Login” link. The resulting page should be similar to that presented below: Figure 10: The ROS log in page CAUTION! To prevent unauthorized access to the device, make sure to change the default username and password for each user level (i.e. operator, guest and admin) before commissioning the device. It is recommended that each username and password be unique and customized to the user to add an additional level of security. The ROS Web Server Interface 37
Page 1 and 2: Preface Introduction 1 RUGGEDCOM RO
Page 3 and 4: RUGGEDCOM ROS User Guide Table of C
Page 11 and 12: RUGGEDCOM ROS User Guide Preface Pr
Page 13 and 14: RUGGEDCOM ROS User Guide Preface Ac
Page 15 and 16: RUGGEDCOM ROS User Guide Chapter 1
Page 49: RUGGEDCOM ROS User Guide Chapter 2
Page 101 and 102:
RUGGEDCOM ROS User Guide Chapter 4
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Page 181 and 182:
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
Page 189 and 190:
Page 191 and 192:
Page 193 and 194:
Page 195 and 196:
Page 197 and 198:
Page 199 and 200:
Page 201 and 202:
Page 203 and 204:
Page 205 and 206:
Page 207 and 208:
Page 209 and 210:
Page 211 and 212:
Page 213 and 214:
Page 215 and 216:
Page 217 and 218:
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
Page 225 and 226:
Page 227 and 228:
Page 229 and 230:
Page 231 and 232:
Page 233 and 234:
Page 235 and 236:
Page 237 and 238:
Page 239 and 240:
Page 241 and 242:
Page 243 and 244:
Page 245 and 246:
Page 247 and 248:
Page 249 and 250:
show all

Rugged Operating System &#40;ROS Ã‚Â® &#41; Software User ... - RuggedCom

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?

Rugged Operating System (ROS Ã‚Â® ) Software User ... - RuggedCom