The Secure Shell port (SSH)

Revised for CPX 4.7.0.
Configuration of SSH port
Statistics of SSH port


The Secure Shell (SSH) port is used within the Abilis CPX to implement the application program of the same name.

SSH port configuration

The Secure Shell port is identified by the mnemonic "SSH" and is provided with the parameters described in this section.

Here is an example of how to display the SSH port parameters. The displayed values are the default ones.

[16:04:54] ABILIS_CPX: D P PO:SSH                                               
                                                                               
PO:906 - Not Saved (SAVE CONF), Not Refreshed (INIT) --------------------------
SSH    ------------------------------------------------------------------------
       lowpo:901   TYPE:USER  MCAU:NO  ps:128  tcpport:22     KEEPALIVE:NO     
       WDIR:C:\APP\SSH\                                                        
       --Server----------------------------------------------------------------
       PSER:SSHS>             AC:YES               DT:15                       
       PWD:                   CDO:00               UDO:CP            ser:3     
       IPSRC:*                IPSRCLIST:#                            MAXAUTH:6   
       KEYLEN:768             KEYREGENT:60         HOSTKEYLEN:1024             
       S-CIPHERS:DES,3DES                  S-AUTH:PWD                          
       --Client----------------------------------------------------------------
       PCLI:SSHC>             CDI:*                UDI:*             cli:3     
       DFT-CIPHER:3DES        MAXPROMPT:3                                      
       C-CIPHERS:DES,3DES                  C-AUTH:PWD   

Changes to parameters displayed in lower-case characters become active only after a system restart; changes to parameters displayed in upper-case characters become active once the initialization command INIT PO: has been executed.
Changes made on TYPE: and MCAU: parameters are immediately active.

The "Not Saved (SAVE CONF)" message is displayed every time the port configuration is modified but not saved with the SAVE CONF command.

The "Not Refreshed (INIT)" message is displayed every time the port configuration is modified but not refreshed with the INIT PO: command.

Detail of the SSH port parameters


lowpo: Identifier of the Abilis CPX lower level port
NONE 1 - 999, NONE

It sets the Abilis CPX lower level port. It can only be a TCP port.

Value "NONE" isolates the SSH port.


TYPE: Port type
USER USER

This parameter is used for setting how the port has to behave if data compression is active.

The port connected to the X.25 network is defined NETWORK port; the one connected to the user equipment USER port.

The NETWORK port sends compressed data and expands the received ones; the USER port compresses the received data and sends the expanded ones.

The SSH port can be only USER.

warning! The changes made on this parameter are immediately activated, without the need of initialisation commands.


MCAU: Cause code modification in CLEAR packets sent
NO YES, NO

If MCAU is set to NO, Abilis CPX transports, without any changes, the cause and diagnostic code of the CLEAR packets; it also uses the F0 cause code and the suitable diagnostic one for all the CLEAR packets internally generated.

If MCAU is set to YES, Abilis CPX forces the cause code of the CLEAR packets sent to the value 00 (DTE originated), for both the external CLEAR packets and the internal ones.

warning! The changes made on this parameter are immediately activated, without the need of initialisation commands.


ps: Maximum length of COR packet size
128 16, 32, 64, 128, 256, 512, 1024, 2048 (bytes)

Maximum length of COR packet size (in bytes).


tcpport: Identifier of the IP local port used
22 23

It sets the local IP port used by the SSH port. The port number assigned by default to the SSH process (according to recommendations) is 22.

This parameter has got only informative value and cannot be modified.


KEEPALIVE: Activation and setting of the "Keep-Alive" time-out
NO NO, 15 - 65535 (seconds)

It activates and sets the value of the "Keep-Alive" time-out.

The "Keep-Alive" procedure keeps the TCP connection up, by sending packets of the same name, even if no data are exchanged. The parameter sets the idle time interval (in seconds) that precedes the activation of this procedure.

If the parameter is set to NO, the procedure is not active.

If its value is in the interval [15-65535], the procedure is activated only when the corresponding time-out expires.


WDIR: Directory where HOST and SERVER keys are stored.
C:\APP\SSH\ from 0 up to 128 ASCII extended characters [32..255]

It selects the directory where HOST and SERVER keys are stored.

This parameter must be a physical full path in DOS notation, i.e. starting with a drive letter in the range ['A'..'Z'] and ending with the backslash ('\') character. Accepted values are strings of up to 128 ASCII extended characters in the range [32..255]. Spaces are allowed and strings holding spaces must be written between quotation marks (E.g.: "C:\My dir\"). The case of the entered string is preserved.


PSER: Identifier of the SSH Server
SSHS> from 0 up to 16 ASCII characters [33..126]

This parameter sets the prompt of the command interpreter of the SSH Server port.

The local IP address, expressed in Dotted Decimal Notation and in square brackets (e.g. [xxx.xxx.xxx.xxx] ), always precedes the prompt defined by the user.

It is possible to use a string of 0 up to 16 ASCII characters in the range [33..126]; spaces are not allowed.

For deleting the SSH Server identifier this parameter has to be left without value: "S P PO:xxx PSER:", where "xxx" stands for the SSH port identifier.


AC: Activation of the Autoconnection mode for the SSH Server
YES NO, YES

It selects the autoconnection mode for the SSH Server.

The default value is "YES". In this way the SSH Server automatically generates a connection request, using information configured in parameters CDO: and UDO:, whenever it receives a login request from a Client SSH Server.


DT: Inactivity disconnect time-out
15 0..255 (min.)

This parameter selects the idle time interval after which the connection is closed (in minutes).


PWD: SSH Server authentication password
YES from 0 up to 16 ASCII characters [33..126]

It sets the SSH Server password, which is asked at the connection.

It is possible to use from 0 up to 16 ASCII characters in the range [33..126]; spaces are not allowed. No distinction is made between lower-case and upper-case characters.

Once set, the new password is saved on disk, in encrypted form, by the command "SAVE CONF".

Every time the user wants to access the SSH Server, the password must be entered.

For deleting the password this parameter has to be left without value: "S P PO:xxx PWD:", where "xxx" is the SSH port identifier.


CDO: Called NUA for outgoing X25BSVC call
00 from 1 up to 15 characters [0 - 9, #]

It sets the called address field of the SSH Server outgoing call. The default value, together with the parameter AC: set to "YES", allows connection to the Control Port.


UDO: User data for outgoing X25BSVC call
CP from 1 up to 12 characters [0 - 9, a - z, A - Z, #]

It sets the User data field [1] of the SSH Server outgoing call. The default value, together with the parameter AC: set to "YES", allows connection to the Control Port.


ser: Maximum number of servers
3 0..10

This parameter selects the number of SSH Server processes predisposed on the SSH port.


IPSRC: Accepted source IP address for incoming requests
* see table, *

The parameter configures the IP address of the SSH Client system that is enabled as a source.

The allowed values are shown in the following table:

HEX: 00000000 01000000 - 7EFFFFFF 80000000 - DFFFFFFF
DDN: 0.0.0.0 1.0.0.0 - 126.255.255.255 128.0.0.0 - 223.255.255.255

IP addresses of class D and E are not currently supported.

The value '*' means "any IP address" and is used to enable SSH requests received from any SSH Client.


IPSRCLIST: List of accepted source IP addresses for incoming requests
# ListName, #

The parameter configures a list of IP addresses of enabled SSH Client systems.

It must be set to the name of an IP or IR or RU or MR list. The referenced list must already be defined in the Elements Lists service.

The value '#' stands for "no list".


KEYLEN: Server key length
768 512, 768, 1024 (bits)

This parameter selects the SSH Server RSA key length (in bits).


KEYREGENT: Server RSA key regeneration time
60 30..65535 (min.)

This parameter selects the SSH Server RSA key regeneration time (in minutes).


HOSTKEYLEN: Host key length
1024 512, 768, 1024 (bits)

This parameter selects the host RSA key length (in bits).


MAXAUTH: Maximum number of authentication attempts
6 1..10

This parameter selects the maximum number of authentication attempts for an SSH Client.


S-CIPHERS: Supported cryptography algorithms
DES,3DES ALL, IDEA, DES, 3DES, BF (values can be joined using "," operator)

This parameter selects the cryptography algorithms that are supported by the SSH Server.

It can be set to "ALL", i.e. all ciphers, or it can be a combination of the following available ciphers:

Cipher Type Description
IDEA IDEA in CFB mode
DES DES in CBC mode
3DES Triple-DES in CBC mode
BF Blowfish


S-AUTH: Supported authentication method
PWD NONE, PWD

This parameter selects the authentication method that is supported by the SSH Server.

Authentication methods Description
NONE No Authentication
PWD Password Authentication


PCLI: Identifier of the SSH Client
SSHC> from 0 up to 16 ASCII characters [33..126]

This parameter sets the prompt of the command interpreter of the SSH Client port.

The local IP address, expressed in Dotted Decimal Notation and in square brackets (e.g. [xxx.xxx.xxx.xxx] ), always precedes the prompt defined by the user.

It is possible to use a string of 0 up to 16 ASCII characters in the range [33..126]; spaces are not allowed.

For deleting the SSH Client identifier this parameter has to be left without value: "S P PO:xxx PCLI:", where "xxx" is the SSH port identifier.


CDI: Called NUA to match incoming X25BSVC call
* from 1 up to 15 characters [0 - 9, *]

It sets the called address field of the SSH Client incoming call.


UDI: User data to match incoming X25BSVC call
* from 1 up to 12 characters [0 - 9, a - z, A - Z, *]

It sets the User data field of the SSH Client incoming call.


cli: Maximum number of clients
3 0..10

This parameter selects the maximum number of SSH Client processes predisposed on the SSH port.


DFT-CIPHER: Client cryptography algorithm
3DES IDEA, DES, 3DES, BF, AUTO

This parameter selects the default cipher type of SSH Client.

It can be one of the following available ciphers:

Cipher Type Description
IDEA IDEA in CFB mode
DES DES in CBC mode
3DES Triple-DES in CBC mode
BF Blowfish

If it is set to "AUTO" value, the SSH Client will try to select the cryptography algorithm automatically.


MAXPROMPT: Maximum number of password prompts
3 1..10

This parameter selects the maximum number of unsuccessful inputs of password for the SSH client.


C-CIPHERS: Supported cryptography algorithms
DES,3DES ALL, IDEA, DES, 3DES, BF (values can be joined using "," operator)

This parameter selects the cryptography algorithms that are supported by the SSH Client.

It can be set to "ALL", i.e. all ciphers, or it can be a combination of the following available ciphers:

Cipher Type Description
IDEA IDEA in CFB mode
DES DES in CBC mode
3DES Triple-DES in CBC mode
BF Blowfish


C-AUTH: Supported authentication methods
PWD NONE, PWD

This parameter selects the authentication method that is supported by the SSH Client.

Authentication methods Description
NONE No Authentication
PWD Password Authentication
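
The following is an added example, not part of the original Abilis documentation: it parses the "D P PO:SSH" display shown above and lists the settings a reviewer would look at, based on the parameter descriptions in this section. The review criteria (single DES enabled, NONE authentication, a blank PWD: taken to mean no password, '*' with '#' as source filter, RSA keys below the 1024-bit maximum) and the function names are assumptions of this example.

```python
import re

# "D P PO:SSH" display with the default values, copied from this page.
DISPLAY = r"""
       lowpo:901   TYPE:USER  MCAU:NO  ps:128  tcpport:22     KEEPALIVE:NO
       WDIR:C:\APP\SSH\
       --Server----------------------------------------------------------------
       PSER:SSHS>             AC:YES               DT:15
       PWD:                   CDO:00               UDO:CP            ser:3
       IPSRC:*                IPSRCLIST:#                            MAXAUTH:6
       KEYLEN:768             KEYREGENT:60         HOSTKEYLEN:1024
       S-CIPHERS:DES,3DES                  S-AUTH:PWD
       --Client----------------------------------------------------------------
       PCLI:SSHC>             CDI:*                UDI:*             cli:3
       DFT-CIPHER:3DES        MAXPROMPT:3
       C-CIPHERS:DES,3DES                  C-AUTH:PWD
"""

# NAME:value pairs; the value may be empty (e.g. an unset PWD:).
PAIR = re.compile(r"(?<![\w-])([A-Za-z][A-Za-z-]*):(\S*)")


def parse_display(text):
    """Return {name: value}; values holding spaces (a quoted WDIR) are not handled."""
    return {m.group(1): m.group(2) for m in PAIR.finditer(text)}


def audit(params):
    """Return (parameter, finding) tuples for settings worth reviewing."""
    findings = []
    for name in ("S-CIPHERS", "C-CIPHERS"):
        ciphers = params.get(name, "").split(",")
        if "DES" in ciphers or "ALL" in ciphers:
            findings.append((name, "single DES (56-bit key) is accepted"))
    if params.get("DFT-CIPHER") == "DES":
        findings.append(("DFT-CIPHER", "client default cipher is single DES"))
    for name in ("S-AUTH", "C-AUTH"):
        if "NONE" in params.get(name, "").split(","):
            findings.append((name, "sessions without authentication are allowed"))
    if params.get("PWD", "") == "":
        findings.append(("PWD", "no server password is set"))
    if params.get("IPSRC") == "*" and params.get("IPSRCLIST") == "#":
        findings.append(("IPSRC", "requests are accepted from any source address"))
    for name in ("KEYLEN", "HOSTKEYLEN"):
        if name in params and int(params[name]) < 1024:
            findings.append((name, f"{params[name]}-bit RSA key, below the 1024-bit maximum"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(parse_display(DISPLAY)):
        print(f"{name}: {finding}")
```
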

SSH port statistics

Example on how to show state and statistics of the SSH port through the command D S:

[10:56:27] ABILIS_CPX: D S PO:SSH

PO:906 ------------------------------------------------------------------------
SSH    STATE:READY    
       CH TYPE X25-State TCP-State LocAdd-LocPort        RemAdd-RemPort
       ------------------------------------------------------------------------
       1  CLNT READY     READY
       2  CLNT READY     READY
       3  CLNT READY     READY
       4  SERV READY     LISTENING 000.000.000.000-22
       5  SERV READY     LISTENING 000.000.000.000-22
       6  SERV CONNECTED CONNECTED 192.168.000.060-22    192.168.000.002-1662
       -----------|---INPUT---|--OUTPUT---|-----------|---INPUT---|--OUTPUT---|
       SEG        |         66|          0|CHAR       |       4103|         23|
       PCK        |         34|          0|CALL       |          0|          1|
       RESET      |          0|          0|
       ------------------------------------------------------------------------

Example on how to show extended statistics of the SSH port through the command D SE:

[10:56:30] ABILIS_CPX: D SE PO:SSH

PO:906 ------------------------------------------------------------------------
SSH    --- Cleared 000:00:06:50 ago, on 24/03/2004 at 17:10:39 ----------------
       CH TYPE X25-State TCP-State LocAdd-LocPort        RemAdd-RemPort
       ------------------------------------------------------------------------
       1  CLNT READY     READY                                                 
       -----------|---INPUT---|--OUTPUT---|-----------|---INPUT---|--OUTPUT---|
       SEG        |          0|          0|CHAR       |          0|          0|
       PCK        |          0|          0|CALL       |          0|          0|
       RESET      |          0|          0|
       ------------------------------------------------------------------------
       2  CLNT READY     READY                                                 
       -----------|---INPUT---|--OUTPUT---|-----------|---INPUT---|--OUTPUT---|
       SEG        |          0|          0|CHAR       |          0|          0|
       PCK        |          0|          0|CALL       |          0|          0|
       RESET      |          0|          0|
       ------------------------------------------------------------------------
       3  CLNT READY     READY                                                 
       -----------|---INPUT---|--OUTPUT---|-----------|---INPUT---|--OUTPUT---|
       SEG        |          0|          0|CHAR       |          0|          0|
       PCK        |          0|          0|CALL       |          0|          0|
       RESET      |          0|          0|
       ------------------------------------------------------------------------
       4  SERV READY     LISTENING 000.000.000.000-22                          
       -----------|---INPUT---|--OUTPUT---|-----------|---INPUT---|--OUTPUT---|
       SEG        |          0|          0|CHAR       |          0|          0|
       PCK        |          0|          0|CALL       |          0|          0|
       RESET      |          0|          0|
       ------------------------------------------------------------------------
       5  SERV READY     LISTENING 000.000.000.000-22                          
       -----------|---INPUT---|--OUTPUT---|-----------|---INPUT---|--OUTPUT---|
       SEG        |          0|          0|CHAR       |          0|          0|
       PCK        |          0|          0|CALL       |          0|          0|
       RESET      |          0|          0|
       ------------------------------------------------------------------------
       6  SERV CONNECTED CONNECTED 192.168.000.060-22    192.168.000.002-1662  
       -----------|---INPUT---|--OUTPUT---|-----------|---INPUT---|--OUTPUT---|
       SEG        |         66|          0|CHAR       |       4103|         23|
       PCK        |         34|          0|CALL       |          0|          1|
       RESET      |          0|          0|
       ------------------------------------------------------------------------	   

The information "Cleared DDD:HH:MM:SS ago, at DD/MM/YYYY HH:MM:SS", shown by the extended statistics, gives the time elapsed since the last reset of the statistics (in the format "days:hours:minutes:seconds") and the date/time at which the reset was executed (in the formats "day/month/year" and "hours:minutes:seconds").
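
The following is an added example, not part of the original Abilis documentation: it reads the channel rows of the "D S PO:SSH" output shown above and reports connected Server channels whose remote address lies outside a set of expected networks, which is a way to cross-check live sessions against the sources intended by IPSRC: and IPSRCLIST:. The function names and the networks passed as `allowed` are assumptions of this example.

```python
import ipaddress
import re

# Channel rows from the "D S PO:SSH" output shown on this page.
STATS = """\
SSH    STATE:READY
       CH TYPE X25-State TCP-State LocAdd-LocPort        RemAdd-RemPort
       ------------------------------------------------------------------------
       1  CLNT READY     READY
       4  SERV READY     LISTENING 000.000.000.000-22
       6  SERV CONNECTED CONNECTED 192.168.000.060-22    192.168.000.002-1662
       -----------|---INPUT---|--OUTPUT---|-----------|---INPUT---|--OUTPUT---|
       SEG        |         66|          0|CHAR       |       4103|         23|
"""

ROW = re.compile(
    r"^\s*(?P<ch>\d+)\s+(?P<type>SERV|CLNT)\s+(?P<x25>\S+)\s+(?P<tcp>\S+)"
    r"(?:\s+(?P<loc>[\d.]+)-(?P<lport>\d+))?"
    r"(?:\s+(?P<rem>[\d.]+)-(?P<rport>\d+))?\s*$"
)


def unpad(addr):
    """'192.168.000.002' -> IPv4Address('192.168.0.2').

    The display pads each decimal octet to three digits; recent versions of
    the ipaddress module reject leading zeros, so they are stripped first.
    """
    return ipaddress.ip_address(".".join(str(int(o)) for o in addr.split(".")))


def channels(text):
    """Yield one dict per channel row; counter and separator lines are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            row["rem"] = unpad(row["rem"]) if row["rem"] else None
            yield row


def unexpected_peers(text, allowed):
    """Return (channel, peer) for connected SERV channels outside `allowed`."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    return [
        (int(r["ch"]), str(r["rem"]))
        for r in channels(text)
        if r["type"] == "SERV" and r["tcp"] == "CONNECTED" and r["rem"]
        and not any(r["rem"] in n for n in nets)
    ]


if __name__ == "__main__":
    # 10.0.0.0/8 is a constructed "expected" network for illustration.
    print(unexpected_peers(STATS, ["10.0.0.0/8"]))
```
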

Detail of the state fields and statistics of the SSH port


STATE: Current state of the SSH port
READY, DOWN, ERR

It shows the current state of the SSH port.

Driver States Meaning Values shown in:
System Log Events Log Display LCD
SSH READY ...     RD
DOWN ...     DN
ERR Software error, contact the Abilis assistance     NA


CH Channel identifier
0 - (ser: + cli:)

It shows the channel number on the SSH port. The maximum number of available channels is the number of Server processes (configuration parameter ser:) plus the number of Client processes (configuration parameter cli:).


TYPE Process type
SERV, CLNT

It shows the type of the process active on the channel: the abbreviation "SERV" identifies the Server process, the abbreviation "CLNT" the Client process.


X25-State Connection state
READY, LISTEN, CALLING, CONNECTED, CLEARING, CLEARED, ERR

It shows the current state of the connection, towards the Connection Oriented Router.

States Meaning
READY Session is ready to send the connection request
LISTEN Session is ready to receive the connection request
CALLED, CALLING Session is establishing the connection
CONNECTED Session is connected
CLEARED, CLEARING Session is disconnecting
ERR Software error, contact the Abilis assistance


TCP-State Connection state towards the TCP port
DOWN, READY, LISTEN, CALLING, CONNECTED, CLEARING, CLEARED, ERR

It shows the current state of the connection, towards the TCP port.

States Meaning
DOWN The parameter LOWPO: is set to NONE or the driver is not able to connect to the TCP lower level port
READY Connection is closed
LISTEN Connection is active and it is waiting to receive/send connection requests
CALLED, CALLING Connection is going to be established
CONNECTED Connection is active
CLEARING, CLEARED Connection is going to be closed
ERR Software error, contact the Abilis assistance


LocAdd IP local address used by the connection
0 - 255.255.255.255

It shows the local IP address used by the connection, when the connection state is not READY.


LocPort IP local port used by the connection
0 - 65.535

It shows the local IP port used by the connection, when the connection state is not READY.


RemAdd IP remote address used by the connection
0 - 255.255.255.255

It shows the remote IP address used by the connection, when the connection state is not READY.


RemPort IP remote port used by the connection
0 - 65.535

It shows the remote IP port used by the connection, when the connection state is not READY.


SEG Overall number of segments received/sent in all the sessions
0 - 4.294.967.295

The counter SEG (INPUT) is incremented every time a packet is received, while the counter SEG (OUTPUT) every time a packet is sent.


CHAR Overall number of characters received/sent in all the sessions
0 - 4.294.967.295

The counter CHAR (INPUT) is incremented every time a packet is received, while the counter CHAR (OUTPUT) every time a packet is sent.


PCK Overall number of packets received/sent in all the sessions
0 - 4.294.967.295

The counter PCK (INPUT) is incremented every time a packet is received, while the counter PCK (OUTPUT) every time a packet is sent.


CALL Overall number of calls sent/received in all the sessions
0 - 4.294.967.295

The counter CALL (INPUT) is incremented every time a connection request is received, while the counter CALL (OUTPUT) every time a connection request is sent.


RESET Overall number of resets sent/received in all the sessions
0 - 4.294.967.295

The counter RESET (INPUT) is incremented every time a Reset is received, while the counter RESET (OUTPUT) every time a Reset is sent.


Detail of the extended statistics of the SSH port


SEG Number of segments received/sent by the session
0 - 4.294.967.295

The counter SEG (INPUT) is incremented every time a packet is received, while the counter SEG (OUTPUT) every time a packet is sent by the session.


CHAR Number of characters received/sent by the session
0 - 4.294.967.295

The counter CHAR (INPUT) is incremented every time a packet is received, while the counter CHAR (OUTPUT) every time a packet is sent by the session.


PCK Number of packets received/sent by the session
0 - 4.294.967.295

The counter PCK (INPUT) is incremented every time a packet is received, while the counter PCK (OUTPUT) every time a packet is sent by the session.


CALL Number of calls sent/received by the session
0 - 4.294.967.295

The counter CALL (INPUT) is incremented every time a connection request is received, while the counter CALL (OUTPUT) every time a connection request is sent by the session.


RESET Number of resets sent/received by the session
0 - 4.294.967.295

The counter RESET (INPUT) is incremented every time a Reset is received, while the counter RESET (OUTPUT) every time a Reset is sent by the session.



[1] The parameter "UDO:" always refers to the user data starting from the 5th byte. If the setting of the parameter "UDO:" requires user data, it is placed starting from the 5th byte, and the missing positions (from 1st to 4th) are filled with the sequence "01000000".
