Rugged Operating System (ROS ® ) Software User ... - RuggedCom
Chapter 2
Administration
RUGGEDCOM ROS
User Guide
Section 2.2
The ROS Secure Shell Server
Section 2.2.1
Using a Secure Shell to Access the User Interface
SSH (Secure Shell) is a network protocol which provides a replacement for insecure remote login and command execution facilities, such as Telnet and remote shell. SSH encrypts traffic in both directions, preventing traffic sniffing and password theft.
NOTE
SSH requires a private and public key pair. A 1024-bit private/public key pair is built into the firmware by default. ROS will also auto-generate keys if user-generated keys are not provided. These keys are encrypted and obfuscated to hinder reverse engineering efforts.
Default and auto-generated keys can be superseded by uploading a key pair to the device. Siemens strongly encourages users to replace the default keys for improved security.
Private and public keys are stored in the ssh.keys file. This file is write-only and can only be replaced by admin users. It cannot be downloaded from the device. If the file is empty, a Default Keys In Use for SSH alarm is generated.
SSH protocol version 2 is implemented in ROS. The authentication method is “keyboard-interactive” password authentication. A user logged in via SSH has the same privileges as one logged in via the console port.
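Because ssh.keys cannot be downloaded, the key in use can only be checked from the network side. The following added example (not part of the ROS guide or of Siemens software) reads host-key lines in known_hosts format, such as ssh-keyscan prints, and reports keys shorter than a chosen minimum. Assumptions: the device presents an ssh-rsa or ssh-dss host key (the guide does not name the key type), the 2048-bit threshold is an audit choice, and the sample hosts and keys are constructed.

```python
import base64
import struct

MIN_BITS = 2048  # assumption: audit threshold, not a value from the ROS guide

def read_string(blob, off):
    """Read one RFC 4251 string: 4-byte big-endian length, then the bytes."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    end = off + 4 + struct.unpack(">I", blob[off:off + 4])[0]
    if end > len(blob):
        raise ValueError("truncated field body")
    return blob[off + 4:end], end

def host_key_bits(line):
    """Return (key_type, bits) for one 'host key-type base64-blob' line."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host key-type base64-blob")
    blob = base64.b64decode(fields[2], validate=True)
    name, off = read_string(blob, 0)
    if name.decode("ascii") != fields[1]:
        raise ValueError("key type in blob does not match the line")
    if name == b"ssh-rsa":
        _e, off = read_string(blob, off)        # public exponent e
        size_field, _ = read_string(blob, off)  # modulus n
    elif name == b"ssh-dss":
        size_field, _ = read_string(blob, off)  # prime p
    else:
        raise ValueError("unsupported key type: " + fields[1])
    return fields[1], int.from_bytes(size_field, "big").bit_length()

def audit(lines):
    """Return (host, key_type, bits) for every key shorter than MIN_BITS."""
    rows = [(ln.split()[0], *host_key_bits(ln)) for ln in lines]
    return [row for row in rows if row[2] < MIN_BITS]

def sample_line(host, bits):
    """Constructed ssh-rsa line: an odd number of that size, not a real key."""
    def mpint(n):  # byte count leaves the top bit clear, so the mpint stays positive
        raw = n.to_bytes(n.bit_length() // 8 + 1, "big")
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"

SAMPLE = [sample_line("192.0.2.10", 1024), sample_line("192.0.2.11", 2048)]
print(audit(SAMPLE))
```

A short key shows only that the key is weak by size; it does not by itself prove that the firmware default is still in use, so confirm against the Default Keys In Use for SSH alarm.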
Section 2.2.2
Using a Secure Shell to Transfer Files
ROS implements an SFTP server via SSH to transfer files securely. The file system visible on the switch has a single directory. The files in it are created at startup time and can be neither deleted nor renamed. Existing files can be downloaded from the switch. For example, firmware images may be downloaded for backup and log files may be downloaded for analysis. Some files may be overwritten by uploading a file of the same name to the switch, as would be done in order to upgrade the firmware.
Parameter     Description
dir/ls        list directory contents
get           download a file from the switch
put           upload a file to the switch
Parameter     Description
main.bin      main ROS firmware image
boot.bin      Switch bootloader image
config.csv    ROS configuration file
fpga.xsvf     FPGA configuration file